Monopolies and Market Dominance in the “GIG” eConomy: Regulatory Rumblings Rattle the Ranks!

July 7, 2019

 

INTRODUCTION:

I had initially looked at the FAAAN group (Facebook, Amazon, Alphabet/Google, Apple and Netflix), and shown how the prevailing view of Antitrust and Monopoly analysis did not fit their activities in the classical sense, but required a new paradigm that focused on the Gig eConomy, and I presented that model in some depth.[1]  Then, I singled-out Amazon as the most likely member of this group to first feel the impact of a push to break-up, due to its constant expansion into new “physical” areas in addition to the “virtual”, and the ever-greater number of competitors that these incursions invariably disrupted.[2]

Now, however, after reading Virginia Senator Mark Warner’s draft paper on Big Tech. regulation,[3] and after a review of his proposed bipartisan bill with Nebraska Senator Deb Fischer aimed at curbing what some feel has been the default “culture and conduct” of the more notorious of these online giants,[4] as well as other developments described below, I think the first target will more likely be one of the “data ‘gators” (aggregators and disseminators) – either Facebook or Alphabet/Google, or perhaps both … but this does not mean Amazon is entirely out of the limelight.

Why?  Let me explain.

 

FACEBOOK –

Historic allegations of “collusion”[5] and the use of Facebook by certain parties to carry-out foreign interference in the 2016 United States federal election campaign[6] (which saw the election of Donald J. Trump on November 9, 2019),[7] and criminal indictments issued against several Russian nationals as the aforementioned parties;[8] as well as prison sentences for several U.S. Citizens on a diversity of charges stemming from the recently concluded Mueller investigation of Russian election interference,[9] coupled with the Cambridge Analytica affair which originally broke on March 17, 2018,[10] have all kept Facebook in the public headlights – bobbing, weaving, playing whack-a-mole, and collecting hard body blows.[11]

In a public opinion piece, Mark Zuckerberg, the Facebook CEO, tried to address some of these concerns and dispel some of that public and regulatory ire, by saying:

“I believe we need a more active role for governments and regulators.  After focusing on these issues for the past two years, I think it’s important to define what roles we want companies and governments to play.  By updating the rules for the internet, we can preserve what’s best about it — the freedom for people to express themselves and entrepreneurs to build new things — while also protecting society from broader harms.”

“From what I’ve learnt, I believe we need new regulation in four areas: harmful content, election integrity, privacy and data portability.”[12]

In further pleading for a single global regulatory standard for online privacy and conduct as opposed to disparate and perhaps even conflicting rules – all competing for their own extraterritorial primacy – that might even fracture and fragment the Internet (and therefore the influence, global reach, relevance, market shares and market capitalizations of Facebook and the other online giants here listed), Mr. Zuckerberg writes, “[i] believe Facebook has a responsibility to help address these issues and I am looking forward to discussing them with lawmakers around the world.”[13]  But then, he has also been a no-show in response to the invitations to talk, of more than one group of lawmakers.[14]

In contrast, while calling for a breakup of Facebook, Chris Hughes, the company co-founder, opines over it in light of recent and ongoing events involving, and revolving around, Facebook, in lamenting that:

“The company’s mistakes — the sloppy privacy practices that dropped tens of millions of users’ data into a political consulting firm’s lap; the slow response to Russian agents, violent rhetoric and fake news; and the unbounded drive to capture ever more of our time and attention — dominate the headlines.”[15]

Facebook also has dual, leading roles as both a host platform publishing the posts, news, streams and feeds of others, and a publisher in choosing what does or does not get out, at one and the same time.[16]

 

ALPHABET/GOOGLE –

Alphabet/Google, for its part, also had its own running battles with bad publicity, most notably in Europe,[17] where the focus has ranged from antitrust and privacy, through the EU Right to be Forgotten, to emerging views on copyright laws, illegal content,[18] and consideration of the revenue potential in taxing search engines and other internet services[19] in an effort to avoid the tax base erosion of the type used by large and sophisticated, highly-profitable entities that end up paying little to no taxes[20] – all whether before or after breaking these entities up.[21]

 

AMAZON –

Amazon has been drawing serial regulatory scrutiny like a magnet in Europe – from the EU itself, Germany, Austria, France, and most recently, Italy.[22]  These cases all revolve around accusations of use of a dominant position to favour one’s own and related offerings, over those of rivals, preferential delivery fullfilment, vendor obligations to disclose pricing, and a direct complaint by France over Amazon terms of service in general – all due to Amazon’s dual and leading roles as both host marketplace for the wares of others and marketer for its own and related wares, at one and the same time.[23]  There have also been breaches at Amazon Web Services (AWS), exposing customer data and impacting privacy.[24]

 

APPLE –

Apart from some taxing queries,[25] Apple had for a long time, mostly steered clear of data scandals and unwanted regulatory scrutiny.  However, revelation of the FaceTime application vulnerability, which allowed callers to hear audio and access video feeds from certain subjects before they even answered those incoming calls;[26] coupled with the well-publicized practice of slowing down older versions of its flagship iPhone,[27] and a recent ruling by the United States Supreme Court that gave Apple App Store users the right to sue Apple directly – not as an intermediary – for monopolistic practices in the sale of applications for its platform and the distribution of system updates,[28] threw Apple right into the heart of the dual spotlights on data privacy and abusive market dominance, where the company met its above three peers: Amazon, Alphabet/Google, and Facebook, already sweating from the heat.  As a result, the Apple CEO has engaged in his own exercise of bobbing and weaving, as he asks for comprehensive regulation[29] of the data, social media, online search and online marketplace industries with four guiding principles:

“First, the right to have personal data minimized.  Companies should challenge themselves to strip identifying information from customer data or avoid collecting it in the first place. Second, the right to knowledge—to know what data is being collected and why.  Third, the right to access.  Companies should make it easy for you to access, correct and delete your personal data.  And fourth, the right to data security, without which trust is impossible.”[30] [Emphasis added].

He further suggested that the Federal Trade Commission (FTC) establish a “data-broker clearinghouse” where all data brokers would have to register, and at and through which people could exercise their privacy rights, and especially under the third of his four principles.[31]

 

NETFLIX –

Netflix has been growing by leaps and bounds and now has some 130 million subscribers worldwide, in over 190 nations.[32]  While most subscribers are too busy enjoying what they are watching (actually, often “binge”-watching with all of its drawbacks),[33] to complain too much (if at all), there have been troubling allegations of insensitivity to mass casualty disaster footage,[34] and at least one comparison of the growing global footprint of Netflix content, to the similarly expansive British and French colonialism of yore, in its broad and deep reach through our eyes, directly into our hearts and minds.[35]

“As a huge and powerful company, similar in scale to the Facebooks of the world, the mistakes that Netflix makes have global implications.  Through the stories Netflix decides to tell and promote, this company shapes how we decide to be.  A show, movie or documentary can change our beliefs about life itself.”[36]

Admittedly, achieving this current lead in the over the top (OTT) space was no cakewalk, as there were allegations of throttling (slowing the content stream) on some platforms while leaving others alone, by exploiting a rather large regulatory loophole that did not specifically prohibit that practice for entities like Netflix;[37] and major regulatory hurdles in its early Asian expansion, ranging from a shortage of local language content and local payment options, through delays due to a need for age-appropriate ratings, to criticisms for displaying prohibited violence or sexual content.[38]  Similarly, just as with its FAAAN peers here listed, Netflix also had its own European problems, in allegations from European cinema associations that it was benefitting from public funding, lax regulation, and even more loopholes, such as receiving UK tax rebates but paying no UK business taxes.[39]

 

TERRAIN AND TECHNIQUES:

Adding to this generalized agitation amongst the four (excluding Netflix) entities dominating this BigData online terrain, a concerted effort by regulators in 9 countries[40] to understand and address their shortcomings, had started to take shape in 2018, known as the International Grand Committee on Disinformation and Fake News (or the “International Grand Committee”, for short), with its inaugural evidentiary meeting held at the House of Parliament in London, England, on November 27, 2018.[41]  Faced with the repeated unwillingness and/or inability of Mark Zuckerberg to be present and answer International Grand Committee questions, the committee had accepted the attendance of Richard Allan, Vice President of Policy Solutions at Facebook, in his stead; still believing that “Mark Zuckerberg is the appropriate person to answer important questions about data privacy, safety, security and sharing.”[42]

A second, 2019 meeting of the International Grand Committee in Ottawa, Canada, hosted by the House of Commons Standing Committee on Access to Information, Privacy and Ethics at the House of Parliament, saw 5 additional nation-states sending representatives,[43]and this time, both Mark Zuckerberg and Cheryl Sandberg of Facebook, were subpoenaed, but did not attend in person or give video evidence; which latter option had also been offered.[44]  The assembled parliamentarians and their witnesses were not at all shy in expressing their frustrations and views regarding the absence of and need for social media privacy protections, Facebook in general, and its two invited but absent executives, in particular.[45]  The Committee has, however, developed 5 guiding principles to, inter alia, counter disinformation, keep personal data safe online, and more efficiently and effectively, and speedily identify and remove terrorist and violent extremist online content;[46] which are:

“(1) The internet is global and law relating to it must derive from globally agreed principles;

(2) The deliberate spreading of disinformation and division is a credible threat to the continuation and growth of democracy and a civilizing global dialogue;

(3) Global technology firms must recognize their great power and demonstrate their readiness to accept their great responsibility as holders of influence;

(4) Social media companies should be held liable if they fail to comply with a judicial, statutory or regulatory order to remove harmful and misleading content from their platforms, and should be regulated to ensure they comply with this requirement;

(5) Technology companies must demonstrate their accountability to users by making themselves fully answerable to national legislatures and other organs of representative democracy.”[47][Emphasis added]

So it is, that within the highest government circles in the United States, itself, from whence these Internet and Gig eConomy giants hail, there is an increasing realization that if their nation does not “at the very least” have a seat at the table, then its champion creations will be subjected to the regulations of everyone other than itself; and so both U.S. legislators and regulators have met this challenge, with:

• Democratic Senator Mark R. Warner (VA) and Republican Senator Deb Fischer (NE) introducing the Deceptive Experiences To Online Users Reduction (“DETOUR”) Act;[48]
• In the House of Representatives, the House Judiciary Committee, through its Subcommittee on Antitrust, Commercial and Administrative Law, launched a bipartisan initiative to “investigate the rise and use of market power online and assess the adequacy of existing antitrust laws and current enforcement levels”;[49] and
• Due to the size and scope of these modern internet giants and the “significant” federal resources needed to thoroughly review their business practices, an alleged gentleman’s agreement among the U.S. chief regulators on these hotly contested digital terrains and techniques has meant that the Department of Justice (DOJ) will focus on and review the practices of Apple and Alphabet/Google, while the Federal Trade Commission (FTC) will focus on and review the practices of Amazon and Facebook.[50]

Now ….. with all this attention on these above four behemoths, one would THINK, that tip-toeing around for the meantime would not be such a bad practise for them to quickly adopt, right? Well …..

• On Tuesday, June 18, 2019, Facebook announced that it planned to roll out a cryptocurrency (Libra) in 2020, adding customer financial information and purchasing habits to the customer personal data and browsing and sharing habits that it was under scrutiny for …. managing?![51]
• Also on Tuesday, June 18, 2019, Amazon announced that it would partner with Mastercard and TD Bank Group to offer a new branded, loyalty credit card in Canada – earning both cash back, and points that would be “automatically” redeemed as an Amazon gift card upon reaching a certain level; and thereby pushing Amazon further into the banking realm.[52]

Understandably, the reaction to Facebook’s announcement was the louder and the most widespread.[53]

 

INSTIGATING THE INVESTIGATORS:

“Google, Facebook, and their cousins Apple and Amazon have grown so vast that they have aroused the ire of the entire political establishment.  And they aren’t only transforming journalism but also politics, retail, and virtually all commerce.  The regulation, or even the breakup, of these companies is a long way off, and it’s not clear what form it would take.  But the journey has begun.”[54]

Let us consider the domestic scope of these entities, to better understand why the regulators are so incentivized and why the tech giants cannot help BUT further instigate the investigators with every step.

• In 2017, search engines generated $59.7 billion in U.S. revenues alone, with a combined 97% of that domestic market share held by Alphabet/Google (91%) and Microsoft (6%) – leaving 3% to all of their domestic competitors;[55]
• In 2018, social networking sites generated $34 billion in U.S. revenues alone, with a combined 85% of that domestic market share held by Facebook (70%), LinkedIn (10%), and Twitter (5%) – leaving 11% to all of their domestic competitors;[56]
• In 2018, the eCommerce industry generated $525.9 billion in U.S. revenues alone, with a combined 56% of that domestic market share held by Amazon (49%) and eBay (7%) – leaving 44% to all of their domestic competitors.[57]
• Without even discussing revenues, the 3 top smartphone operating system manufacturers in the United States in 2012 had a combined 94% of that domestic market share, being Google (49%), Apple (30%), and Blackberry (15%) – leaving 6% to all of their domestic competitors;[58] but by 2018 – a mere 6 years later – Blackberry no longer made smartphone operating systems at all, Google had 54% and Apple had 45% of the domestic market share, and all of their domestic competitors combined to control a mere 1% of that market.[59]

Not only do the listed companies have these revenues and control (or dominate) these market shares, they also control an increasing amount of the related[60] and (at least previously) unrelated[61] space around them, as I have shown in earlier posts.  Facebook, for example, controls Messenger, Instagram, WhatsApp, Oculus VR, and Masquerade;[62] Alphabet’s most notable offerings are Google Play, Maps, and Search, Google Cloud, Android, YouTube, and Waymo,[63] but it ultimately owns and controls over 200 separate companies;[64] Apple is already well known for its iPhone and other leading businesses of Siri, iCloud, and Beats Electronics, but it also owns and controls  Shazam, Emagic, Anobit Technologies, PrimeSense, and NeXT, Inc.;[65] and while Amazon’s reputation leads with Alexa, Echo, Kindle, Whole Foods Market, and Amazon Web Services (AWS), the company also owns and controls Audible, Kiva Systems, Twitch Interactive, Ring, Zappos, and PillPack, Inc.[66]

“Mark’s influence is staggering, far beyond that of anyone else in the private sector or in government. He controls three core communications platforms — Facebook, Instagram and WhatsApp — that billions of people use every day. Facebook’s board works more like an advisory committee than an overseer, because Mark controls around 60 percent of voting shares. Mark alone can decide how to configure Facebook’s algorithms to determine what people see in their News Feeds, what privacy settings they can use and even which messages get delivered. He sets the rules for how to distinguish violent and incendiary speech from the merely offensive, and he can choose to shut down a competitor by acquiring, blocking or copying it.”[67]

In that quotation, Chris Hughes, the co-founder of Facebook, speaks of the sheer concentration of power in Facebook’s leader.  This shows that monopoly and market dominance do not have to mean a constant commission of intentional bad acts because that kind of latent power, alone, can be sufficiently prohibitive of and harmful to, competition.  When coupled with the other above examples, is it any surprise, then, that these relentlessly acquisitive (and “disruptive” to incumbent businesses and business models) parent companies have instigated the investigators and attracted so much attention?

 

LEGAL:

Returning to some of the resurgent legalities, Senator Warner’s social media regulation proposals,[68] and his bipartisan bill with Senator Fischer,[69] both focus on addressing and deterring cases of demonstrated misconduct, restoring trust and confidence in the services offered and in the privacy of personal data online, and re-asserting the supremacy of at least one state (the apparent home state, or at least the state of claimed origin) over these borderless and relentless non-state actors.

 

POLICY PROPOSALS –

Senator Warner’s policy proposals identified the following three focal areas for policymakers:

1. “(…) understanding the capacity for communications technologies to promote disinformation that undermines trust in our institutions, democracy, free press, and markets;”[70]
2. “(…) consumer protection in the digital age;”[71]
3. “(…) the rise of a few dominant platforms poses key problems for long-term competition and innovation across multiple markets, including digital advertising markets (which support much of the Internet economy), future markets driven by machine-learning and artificial intelligence, and communications technology markets.”[72]

Proposals to counter online disinformation, included the labeling of bots, authentication of accounts and knowing the origin of posts, identifying fake accounts, imposing platform liability for state law torts such as defamation, a public interest right of data access, establishing an interagency taskforce to counter asymmetric threats to democracy, required disclosures for online political advertising, a media literacy campaign for the public, and creating a true deterrent against foreign manipulation online.[73]

Proposals to enhance online privacy and protect online data, included statutory classification and regulation of certain online providers as “information fiduciaries”, granting authority to the Federal Trade Commission to enact Rules on privacy, a comprehensive federal data protection legislation, first party consent to data collection as linked to addressing dark patterns, and fairness and transparency in algorithmic decision-making.[74]

Proposals to ensure long-term competition and innovation despite a growing concentration threat, included a data transparency bill, a “data as portable property” bill, interoperability, permitting academic researchers and qualified (smaller) businesses to access federal datasets and collections, and prescribing a base of sheer size or market share, or a level of dependence by others, at which a core function or application or platform becomes an “essential facility” with certain mandatory duties.[75]

At the heart of all of these problems, however, were dark patterns, which he wanted “statutorily determined” to be unfair and deceptive trade practices – a direct progenitor for his proposed Bill:

“Dark patterns are user interfaces that have been intentionally designed to sway (or trick) users towards taking actions they would otherwise not take under effective, informed consent.  Often, these interfaces exploit the power of defaults – framing a user choice as agreeing with a skewed default option (which benefits the service provider) and minimizing alternative options available to the user.”[76]

 

DETOUR ACT –

And then, adding real, tangible weight to those thoughts, Senator Warner joined with Senator Fischer,[77] to introduce the “Deceptive Experiences To Online Users Reduction (DETOUR) Act” on April 9, 2019.[78]  Actual examples of dark patterns include default privacy settings set to maximum sharing, consents buried deep within long and complex terms of service, spamming contacts with invitations to join once those contacts have been shared with a platform, auto-play videos that encourage compulsive usage and other addictive behaviour in serial viewing – especially in those under the age of 13, un-announced behavioural and psychological experiments and research –often conducted without informed consent, and other mechanisms and manipulative user interfaces that make it easy to sign-up for a service and very hard to cancel it and leave.[79]

Apart from targeting compulsive usage (“any response stimulated by external factors that causes an individual to engage in repetitive purposeful, and intentional behavior causing psychological distress, loss of control, anxiety, depression, or harmful stress responses”),[80] and calling for more informed consent by research subjects (who must be over the age of 13),[81] with “clear, conspicuous, context-appropriate, and easily-accessible”[82] routine research disclosures no less often then every 90-days,[83] the proposed Act also restricts its application to large online operators with “more than 100,000,000 authenticated users of an online service in any 30-day period”,[84] and calls for independent review boards to oversee behavioural or psychological research[85] and themselves register with the United States Federal Trade Commission (FTC).[86]  The Act would see some limited self-regulation through professional standards bodies of associated online operators[87] which developed bright line rules and safe harbors for member conduct that did not infringe the Act’s provisions, but all would remain subject to the FTC if the conduct rose to be or constitute such unfair or deceptive acts or practices as the FTC shall or may from time to time define.[88]

 

CONCLUSION:

Suspicions and sanctions regarding these entities for behaviours falling short of, equating, and going beyond mere dark patterns[89] to constitute sharp business practices, at the very least, have been around for quite some time …. and names were  named.  Examples of these alleged behaviours, have included:

• User profiling and contact mining to better target them for advertising campaigns and contact list growth (Alphabet/ Google, LinkedIn);[90]
• Copying the most popular offerings of vendors, as the marketplace host (Amazon); [91]
• Preferring one’s own offerings and limiting the visibility or the functionality of the offerings of others (Amazon, Alphabet/Google, Apple);[92]
• Liberally borrowing features from competitor sites (Facebook, WhatsApp, Instagram);[93]

Hughes further writes:

“As a result of all this, would-be competitors can’t raise the money to take on Facebook.  Investors realize that if a company gets traction, Facebook will copy its innovations, shut it down or acquire it for a relatively modest sum.  So despite an extended economic expansion, increasing interest in high-tech start-ups, an explosion of venture capital and growing public distaste for Facebook, no major social networking company has been founded since the fall of 2011.”

“As markets become more concentrated, the number of new start-up businesses declines.  This holds true in other high-tech areas dominated by single companies, like search (controlled by Google) and e-commerce (taken over by Amazon).  Meanwhile, there has been plenty of innovation in areas where there is no monopolistic domination, such as in workplace productivity (Slack, Trello, Asana), urban transportation (Lyft, Uber, Lime, Bird) and cryptocurrency exchanges (Ripple, Coinbase, Circle).”[94]

• Most recently (or should we say, “most recently noticed and publicized”), is the deployment and use in brick and mortar retail locations, of customer tracking Bluetooth beacons …. [95] implying that the lessons of all these earlier run-ins with assorted regulators, just didn’t stick.[96]

But, as belligerent parties increase the tempo to gain that extra ground or that extra piece of negotiating leverage in the waning days of an armed conflict, with the ceasefire date looming, so too in this mirror universe, with U.S. tech giants finding themselves “at the eve of the end” of absent to light touch U.S. regulation – due to the fact that other nations have taken-up that slack, [97] and somewhat embarrassed the U.S. into action [98]– these tech giants are now furiously expanding in all directions as far as they can and as fast as they can, in the hope that something tangible and worth branding will still be viable and left standing, once related and unrelated businesses and even the core business intestines, have all been regulatorily wrangled and disentangled, and well-whittled away – all to the lasting benefit of the consuming public, as Chris Hughes further writes:

“But the biggest winners would be the American people. Imagine a competitive market in which they could choose among one network that offered higher privacy standards, another that cost a fee to join but had little advertising and another that would allow users to customize and tweak their feeds as they saw fit. No one knows exactly what Facebook’s competitors would offer to differentiate themselves.  That’s exactly the point.”[99]

In addition to the above regulatory rumblings, now that the incumbent republican President Donald J. Trump,[100] a true maverick, has “for targeting only” joined democratic senator and presidential candidate Elizabeth Warren,[101] another true maverick, to call for lawsuits against big tech. and even for breaking them up (albeit for different reasons),[102] and especially Facebook, star of the most heated current media and regulatory attention – but not to the exclusion of Amazon, Twitter, and Alphabet/Google … that breakup hammer in this pre-season for the Q4 2020 U.S. presidential election, could fall at any time.

As another commentator has lamented, “[n]o existing regulatory framework exists or has been conceived for a global company holding personal data on one-third of the planet’s population.  Just as importantly, the commercial model driving social media is inconsistent with a ‘privacy first’ approach.  And both those factors will now lead into a back and forth on regulation and sanctions across the world.“[103]

Around the world, however, some businesses are already working under and creating solutions to stay within, the E.U. General Data Protection Regulation (GDPR) by giving data subjects more control of their own personal data and operations or analytics regarding that personal data,[104] while others still struggle to comply with that and other new and evolving stringent privacy provisions.[105] 

So, let us keep watching this U.S. prize fight (or grand mélée, as ever more of the competitive landscape is co-opted into the dance around the eye of this ever-growing storm) with the data (aggre)-gators – Facebook, Amazon, and Alphabet/Google, as they serenade and parade for, trade shots with, evade the dragnets of, and are potentially flayed and dismayed on full public and permanent display by, their own assorted and sundry “local” regulators.[106]

 

**********************************************************************

Author:

Ekundayo George is a lawyer and sociologist.  He has also taken courses in organizational and micro-organizational behavior, and gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: https://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Energy, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.  He is a published author on the national security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal millieux.

 

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, crisis consulting, and targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: https://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

[1] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<

[2] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy? We are Getting There! Posted February 19, 2018 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2018/02/19/monopolies-and-market-dominance-in-the-gig-economy-we-are-getting-there/<

[3] United States Senator Mark R. Warner (D-VA), Vice-Chairman, Senate Intelligence Committee, United States Senate. White Paper (DRAFT).  Potential Policy Proposals for Regulation of Social Media and Technology Companies.  Visited June 6, 2019 and posted on scribd.com.  Online: >https://www.scribd.com/document/385137394/MRW-Social-Media-Regulation-Proposals-Developed#from_embed<

[4] United States Senator Warner, Mark R. [D-VA]; United States Senator Fischer, Deb [R-NE], Co-sponsors.  S.1084 –Deceptive Experiences To Online Users Reduction Act.  Introduced April 9, 2019 in the 116^th Congress, 1^st Session (2019-2020).  Visited June 19, 2019 and posted on congress.gov.  Online: >https://www.congress.gov/bill/116th-congress/senate-bill/1084/text?q=%7B%22search%22%3A%5B%22congressId%3A116+AND+billStatus%3A%5C%22Introduced%5C%22%22%5D%7D&r=17&s=1<

[5] For a deep dive into the collusion, issue, See e.g. Ryan Goodman.  Guide to the Mueller Report’s Findings on “Collusion”.  Posted April 29, 2019 on justsecurity.org.  Online:  >https://www.justsecurity.org/63838/guide-to-the-mueller-reports-findings-on-collusion/<

[6] Issie Lapowski.  How Russian Facebook Ads Divided and Targeted US Voters Before the 2016 Election.  Posted April 16, 2018 on wired.com.  Online: >https://www.wired.com/story/russian-facebook-ads-targeted-us-voters-before-2016-election/<

[7] BBC.  US election 2016 result: Trump beats Clinton to take White House.  Posted November 9, 2016 on bbc.com.  Online: >https://www.bbc.com/news/election-us-2016-37920175<

[8] United States Federal Bureau of Investigation (FBI).  RUSSIAN INTERFERENCE IN 2016 U.S. ELECTIONS – CONSPIRACY TO COMMIT AN OFFENSE AGAINST THE UNITED STATES; FALSE REGISTRATION OF A DOMAIN NAME; AGGRAVATED IDENTITY THEFT; CONSPIRACY TO COMMIT MONEY LAUNDERING.  Posted on fbi.gov and visited June 16, 2019.  Online: >https://www.fbi.gov/wanted/cyber/russian-interference-in-2016-u-s-elections<

[9] Amy Sherman.  All of the people facing charges from Mueller’s investigation into Russian meddling.  Posted March 25, 2019 on politifact.com.  Online: >https://www.politifact.com/truth-o-meter/article/2019/mar/25/who-has-already-been-indicted-russia-investigation/<  See also Alex Boutilier, Craig Silverman, Jane Lytvynenko.  Canadians are being targeted by foreign influence campaigns, CSIS says.  Posted July 2, 2019 on thestar.com.  Online:  >https://www.thestar.com/politics/federal/2019/07/02/canadas-voters-being-targeted-by-foreign-influence-campaigns-spy-agency-says.html<  Canada is preparing for its fall 2019 federal elections, with some trepidation.  See infra note 96 and accompanying text (The Canadian Press: Canada’s electoral integrity).

[10] Issie Lapowski.  How Cambridge Analytica Sparked the Great Privacy Awakening.  Posted March 17, 2019 on wired.com.  Online: >https://www.wired.com/story/cambridge-analytica-facebook-privacy-awakening/<  See also Catharine Tunney · CBC News.  A year after Cambridge Analytica scandal, calls for a national data strategy grow.  Posted March 17, 2019 on cbc.ca.  Online: >https://www.cbc.ca/news/politics/cambridge-analytica-data-strategy-1.5054943<

[11] Id.; See also supra, note 6.

[12] Mark Zuckerberg.  Mark Zuckerberg: ‘Yes, we need regulation – but we can’t do it on our own’.  Posted March 30, 2019 on independent.ie.  Online: >https://www.independent.ie/ca/business/technology/mark-zuckerberg-yes-we-need-regulation-but-we-cant-do-it-on-our-own-37967115.html<

[13] Ibid.

[14] See e.g. notes 42, 44, and 45 and accompanying text for mentions of Mr. Zuckerberg’s unavailability.

[15] Chris Hughes.  Opinion.  The Privacy Project.  It’s Time to Break Up Facebook.  Posted May 9, 2019 on nytimes.com.  Online: >https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html?<

[16] Ibid.

 “Mark used to insist that Facebook was just a “social utility,” a neutral platform for people to communicate what they wished.  Now he recognizes that Facebook is both a platform and a publisher and that it is inevitably making decisions about values.  The company’s own lawyers have argued in court that Facebook is a publisher and thus entitled to First Amendment protection.”

“No one at Facebook headquarters is choosing what single news story everyone in America wakes up to, of course.  But they do decide whether it will be an article from a reputable outlet or a clip from “The Daily Show,” a photo from a friend’s wedding or an incendiary call to kill others.”

[17] Ivana Kottasová, CNN Business.  How Europe is forcing Google to change.  Posted March 20, 2019 on cnn.com.  Online: >https://www.cnn.com/2019/03/20/tech/eu-antitrust-google/index.html<

[18] Id.

[19] Reuters.  UK proposes a 2% tax on tech giants like Google, Amazon and Facebook for profits they make in the country.  Posted October 29, 2018 on cnbc.com.  Online: >https://www.cnbc.com/2018/10/29/britain-to-target-online-giants-with-new-digital-services-tax.html<  See also The Associated Press.  French lawmakers approve 3% tax on online giants.  Posted July 4, 2019 on coastreporter.com.  Online:  >https://www.coastreporter.net/french-lawmakers-approve-3-tax-on-online-giants-1.23875825<  This online tax in France has passed the lower house or National Assembly, and awaits a vote in the nation’s upper house of legislators, the Senate.

[20] Nick Statt.  Apple agrees to pay Ireland $15.4 billion in back taxes to appease EU.  Posted December 4, 2017 on theverge.com.  Online: >https://www.theverge.com/2017/12/4/16736114/apple-ireland-european-union-order-back-taxes-agreement<

[21] Ben Fox Rubin, Marguerite Reardon.  Momentum grows to break up big tech, as Amazon, Facebook, Google and Apple face scrutiny.  Posted June 11, 2019 and updated June 14, 2019 on cnet.com.  Online: >https://www.cnet.com/news/momentum-grows-to-break-up-big-tech-as-amazon-facebook-google-and-apple-face-scrutiny/<

[22] Thibault Larger.  Italy competition watchdog opens probe into Amazon, adding to EU list.  The European Commission, the Austrian and German authorities have also been looking into the company.  Posted April 16, 2019 and updated April 17, 2019 on politico.eu.  Online: >https://www.politico.eu/article/italy-competition-watchdog-opens-probe-into-amazon-adding-to-eu-list/<

[23] Id.  See also Boris Groendahl.  Amazon’s Legal Woes Grow as Austria Probes Online Giant.  Posted February 14, 2019 on bloomberg.com.  Online: >https://www.bloomberg.com/news/articles/2019-02-14/amazon-s-legal-woes-grow-in-eu-as-austria-opens-antitrust-probe<

[24] Catalin Cimpanu for Zero Day.  Contractor’s AWS S3 server leaks data from Fortune 100 companies: Ford, Netflix, TD Bank.  Posted June 28, 2019 and updated June 30, 2019 on zdnet.com.  Online: >https://www.zdnet.com/article/contractors-aws-s3-server-leaks-data-from-fortune-100-companies-ford-netflix-td-bank/<  See also Mark Ward Technology correspondent, BBC News.  Exposed Amazon cloud storage clients get tip-off alerts.  Posted February 20, 2018 on bbc.com.  Online: >https://www.bbc.com/news/technology-42839462<  See also Becky Peterson.  Forget stealing data — these hackers hijacked Amazon cloud accounts to mine bitcoin.  Posted October 8, 2017 on businessinsider.com.  Online: >https://www.businessinsider.com/hackers-broke-into-amazon-cloud-to-mine-bitcoin-2017-10<

[25] Supra note 20.

[26] Davey Winder. Contributor.  Apple Confirms iPhone FaceTime Eavesdropping Exploit — Here’s What To Do.  Posted January 29, 2019 on forbes.com.  Online: >https://www.forbes.com/sites/daveywinder/2019/01/29/apple-confirms-iphone-facetime-eavesdropping-exploit-heres-what-to-do/#77affa26745b<  See contra Malcolm Owen.  ‘Celebgate’ iCloud hack perpetrator sentenced to 34 months in prison.  Posted March 1, 2019 on appleinsider.com.  Online: >https://appleinsider.com/articles/19/03/01/celebgate-icloud-hack-perpetrator-sentenced-to-34-months-in-prison<  Apple was initially blamed for this, but internal and police investigations showed that the company was not at fault.

[27] Michelle Toh, Ben Geier and Ivana Kottasová.  Global backlash spreads over Apple slowing down iPhones.  Posted February 1, 2018 on cnn.com.  Online: >https://money.cnn.com/2018/01/12/technology/apple-iphone-slow-battery-lawsuit/index.html<

[28] See Apple Inc. v. Pepper et al., No. 17-204, Slip op. (S. Ct., 2019), 587 U.S. ___ (2019), Argued November 26, 2018—Decided May 13, 2019.  Online: > https://www.supremecourt.gov/opinions/18pdf/17-204_bq7d.pdf<

[29] Tim Cook.  You Deserve Privacy Online. Here’s How You Could Actually Get It.  Visited June 17, 2019 and posted on time.com.  Online: >https://time.com/collection/davos-2019/5502591/tim-cook-data-privacy/<

[30] Ibid.

[31] Ibid.

[32] Jo Ellison.  Is Netflix’s global dominance a force for good or bad?  Posted December 27, 2018 on ft.com.  Online: >https://www.ft.com/content/13078a02-0465-11e9-99df-6183d3002ee1<  See also Louis Brennan.  How Netflix Expanded to 190 Countries in 7 Years.  Posted October 12, 2018 on nbr.org.  Online: >https://hbr.org/2018/10/how-netflix-expanded-to-190-countries-in-7-years<

[33] Joanna Clay.  Health. Science/Technology.  Is Netflix bad for you? How binge-watching could hurt your health.  Posted December 15, 2017 on usc.edu.  Online: >https://news.usc.edu/131981/is-netflix-bad-for-you-how-binge-watching-could-hurt-your-health-amazon-hulu-tv/<

[34] The Canadian Press.  CBC president compares Netflix influence to colonialism.  Posted and last updated January 31, 2019 on cbc.ca.  Online: >https://www.cbc.ca/news/entertainment/tait-netflix-colonialism-analogy-1.5000657<

[35] Ibid.

[36] Todd Van Luling.  HuffPost US.  Why Netflix Should Scare You More Than It Does – Facebook can influence elections, but Netflix can influence hearts and minds.  Posted October 10, 2018 on huffingtonpost.ca.  Online: >https://www.huffingtonpost.ca/entry/netflix-scared-bad_n_5bbcd832e4b01470d055d4b3<  There have also been allegations of factually inaccurate and otherwise problematic documentaries being presented as the truth or reality, when they are not quite so.

[37] Mike Wendy.  Netflix: Do as I say, not as I do.  Posted April 26, 2016 on washingtonexaminer.com.  Online: >https://www.washingtonexaminer.com/netflix-do-as-i-say-not-as-i-do<

[38] Nataly Pak, Eveline Danubrata.  In Asia, Netflix trips on regulation, content, and competition.  Posted April 21, 2016 on reuters.com.  Online: >https://www.reuters.com/article/us-netflix-asia/in-asia-netflix-trips-on-regulation-content-and-competition-idUSKCN0XJ0BZ<

[39] Andreas Wiseman.  Germany’s Largest Cinema Org Issues Netflix Warning As Streamer Encounters Growing Euro Heat.  Posted September 18, 2018 on deadline.com.  Online: >https://deadline.com/2018/09/netflix-germany-berlin-film-festival-hdf-kino-eu-1202465672/<

[40] U.K. Parliament, Select Committee on Digital, Culture, Media and Sport.  Parliamentarians from across the world to question Richard Allan of Facebook, and the Information Commissioner at inaugural hearing of ‘international grand committee’ on Disinformation and ‘fake news’.  Posted on parliament.uk on September 23, 2018.  Online:  >https://www.parliament.uk/business/committees/committees-a-z/commons-select/digital-culture-media-and-sport-committee/news/grand-committee-evidence-17-19/<  The 9 nation-state members of the International Grand Committee on Disinformation and Fake News, were Argentina, Belgium, Brazil, Canada, France, Ireland, Latvia, Singapore and members of the UK’s Digital, Culture, Media and Sport Committee.

[41] Ibid.

[42] Ibid.

[43] Jesse Hirsh.  What You Need to Know about the Grand Committee on Big Data, Privacy and Democracy.  Posted May 29, 2019 on cigionline.org.  Online: >https://www.cigionline.org/articles/what-you-need-know-about-grand-committee-big-data-privacy-and-democracy<  The 5 additional nation-states represented at this second meeting, were Ecuador, Estonia, Mexico, Morocco, and Trinidad and Tobago.

[44] Id.

[45] See generally Mike Blanchfield, The Canadian Press.  Big data committee blasts Mark Zuckerberg, Sheryl Sandberg for ignoring Parliament’s subpoena.  Posted May 28, 2019 on ctvnews.ca.  Online: >https://www.ctvnews.ca/politics/big-data-committee-blasts-mark-zuckerberg-sheryl-sandberg-for-ignoring-parliament-s-subpoena-1.4440295<

[46] Howard Solomon.  Social media giants focus of three-day parliamentary hearing in Ottawa.  Posted May 27th, 2019 on itworldcanada.com.  Online: >https://www.itworldcanada.com/article/social-media-giants-focus-of-three-day-parliamentary-hearing-in-ottawa/418387<

[47] Ibid.; See also infra, note 96, and Twitter’s censorship action in apparent subscription to and compliance with, principles 2 and 5.

[48] Press Release.  Office of Senator Mark R. Warner (Democrat, Virginia).  Senators Introduce Bipartisan Legislation to Ban Manipulative ‘Dark Patterns’.  Posted April 9, 2019 on warner.senate.gov.  Online:   >https://www.warner.senate.gov/public/index.cfm/2019/4/senators-introduce-bipartisan-legislation-to-ban-manipulative-dark-patterns<  See also Press Release.  Office of Senator Deb Fischer (Republican, Nebraska).  SENATORS INTRODUCE BIPARTISAN LEGISLATION TO BAN MANIPULATIVE ‘DARK PATTERNS’.  Posted April 9, 2019 on fischer.senate.gov.  Online: >https://www.fischer.senate.gov/public/index.cfm/2019/4/senators-introduce-bipartisan-legislation-to-ban-manipulative-dark-patterns<

Senator Warner, as a Virginia Democrat, serves on the Senate Banking, Budget, Finance, and Rules Committees, as well as the Senate Select Committee on Intelligence where he is the Vice-chairman.  He was also a single-term Governor of the state of Virginia (2002-6) and an early investor and longtime executive in the company that would become Nextel Communications and then merge with Sprint Corporation, a mobile telephony provider.  He is therefore well-versed in the evolving terrain and techniques of privacy and responsible data management.  See e.g. The Office of Senator Mark R. Warner.  Biography.  Visited June 18, 2019.  Online: >https://www.warner.senate.gov/public/index.cfm/biography<

On her part, Senator Fischer, as a Nebraska Republican, serves on the Senate Agriculture Committee; the Senate Commerce, Science, and Transportation Committee, where she is chairman of the Subcommittee on Surface Transportation and Merchant Marine Infrastructure, Safety and Security; and she also chairs the Senate Armed Services Subcommittee on Strategic Forces.  Senator Fischer has further served in the Nebraska legislature where she was a member of the Revenue Committee, the Natural Resources Committee and the Executive Board, and she is similarly well-versed in the in the evolving terrain and techniques of privacy and responsible data management, from having also chaired the Nebraska Legislature’s Transportation and Telecommunication Committee.  See e.g. The Office of Senator Deb Fischer.  Biography.  About Deb.  Visited June 18, 2019.  Online: >https://www.fischer.senate.gov/public/index.cfm/biography<

[49] U.S. House Committee on the Judiciary, Press Release 116^th Congress.  House Judiciary Committee Launches Bipartisan Investigation into Competition in Digital Markets.  Posted June 3, 2019 on judiciary.house.gov.  Online: >https://judiciary.house.gov/news/press-releases/house-judiciary-committee-launches-bipartisan-investigation-competition-digital<

[50] Seth Fiegerman, CNN Business.  Google, Facebook and Apple could face US antitrust probes as regulators divide up tech territory.  Posted and updated June 3, 2019 on cnn.com.  Online: >https://www.cnn.com/2019/06/03/tech/facebook-google-amazon-antitrust-ftc/index.html<  See also Anna Edgerton / Bloomberg.  House Judiciary Committee Opens Bipartisan Probe of Competition in Tech Industry.  Posted June 3, 2019 on time.com.  Online: >https://time.com/5600218/congress-bipartisan-probe-tech-industry/<

[51] Nick Statt.  Facebook confirms it will launch a cryptocurrency called Libra in 2020.  Posted June 18, 2019 on theverge.com.  Online: > https://www.theverge.com/2019/6/18/18682290/facebook-libra-cryptocurrency-visa-mastercard-digital-currency-calibra-wallet-announce<  Financial institution and financial intermediary data breaches such as the events at Desjardins (and cash or coin captures such as the events at QuadrigaCX) are not new, but they still cause widespread shockwaves when they occur, and the risk of the world seeing ever more of them is very real, indeed.  See e.g. Howard Solomon.  Huge data theft by employee at Canadian credit union.  Posted June 21, 2019 on itworldcanada.com.  Online: >https://www.itworldcanada.com/article/huge-data-theft-at-canadian-credit-union/419264<  See also Theron Mohamed.  Experts finally tracked down the digital wallets of the crypto CEO who died with sole access to millions. They say the money’s gone.  Posted March 6, 2019 on businessinsider.com.  Online: >https://markets.businessinsider.com/currencies/news/crypto-ceo-died-with-passwords-to-137-million-but-the-money-is-gone-2019-3-1028009684<  This is not to downplay the risk of bad acts resulting from giving insiders too much access to personal customer data, or not properly questioning and monitoring an employee’s claimed “need to know”.  See e.g. Zak Doffman.  U.S. Authorities Target Zuckerberg As Facebook ‘Buries’ Huge Instagram Password Breach.  Posted April 19, 2019 on forbes.com.  Online:  >https://www.forbes.com/sites/zakdoffman/2019/04/19/u-s-authorities-target-zuckerberg-as-instagram-security-breach-hits-millions/#5f87ea965062<  In fact, social media alone, before adding-in any cryptocurrency tagalong application, has already been identified as a prime and massive enabler of cybercrime.  See e.g. Helpnet Security.  Social media-enabled cybercrime is generating $3.25 billion a year.  Posted February 27, 2019 on helpnetsecurity.com.  Online: >https://www.helpnetsecurity.com/2019/02/27/social-media-enabled-cybercrime/<

[52] RTTNews.  Amazon Canada, TD Bank, Mastercard Unveil Amazon.ca Rewards Mastercard.  Posted June 18, 2019 on businessinsider.com.  Online: >https://markets.businessinsider.com/news/stocks/amazon-canada-td-bank-mastercard-unveil-amazon-ca-rewards-mastercard-1028286383<

[53] Kate Rooney.  Facebook’s ambitious cryptocurrency plan is met by a wall of regulatory and data concerns.  Posted and updated June 19, 2019 on cnbc.com.  Online: > https://www.cnbc.com/2019/06/19/facebooks-ambitious-cryptocurrency-plan-greeted-by-wall-of-regulatory-and-data-concerns.html<

[54] Jeffrey Toobin.  The House Judiciary Committee Considers Antitrust Law, the Tech Giants, and the Future of News. Posted June 14, 2019 on newyorker.com.  Online: >https://www.newyorker.com/news/daily-comment/the-house-judiciary-committee-considers-antitrust-law-the-tech-giants-and-the-future-of-news<

[55] Open Markets Institute.  America’s Concentration Crisis.  An Open Markets Institute Report.  Posted 2019 on openmarketsinstitute.org and visited June 16, 2019.  Online: https://concentrationcrisis.openmarketsinstitute.org/<  See e.g. Social Networking Sites. >https://concentrationcrisis.openmarketsinstitute.org/industry/social-networking-sites/<

[56] Id. at Search Engines. >https://concentrationcrisis.openmarketsinstitute.org/industry/search-engines/<

[57] Supra note 55 at E-commerce. >https://concentrationcrisis.openmarketsinstitute.org/industry/e-commerce/<

[58] Supra note 55 at Smartphone Operating Systems (Show Historical Data). >https://concentrationcrisis.openmarketsinstitute.org/industry/smartphone-operating-systems/<

[59] Supra note 55 at Smartphone Operating Systems (Show Current Data). >https://concentrationcrisis.openmarketsinstitute.org/industry/smartphone-operating-systems/<

[60] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<

[61] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy? We are Getting There!  Posted February 19, 2018 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2018/02/19/monopolies-and-market-dominance-in-the-gig-economy-we-are-getting-there/<

[62] Nina Godlewski.  What Company Owns Instagram?  Five Companies Owned by Facebook and How They Use Your Information.  Posted March 26, 2018 on newsweek.com.  Online: >https://www.newsweek.com/facebook-own-instagram-does-companies-apps-data-860732<

[63] mattallen1998.  The Structure of Alphabet and Google.  Posted February 11, 2019 on bcsheatechtrek.com (Boston College Carroll School of Management, Tech Trek).  Online: > https://bcsheatechtrek.com/2019/02/11/the-structure-of-alphabet-and-google/<

[64] Kevin B. Johnston.  Top 4 Companies Owned by Google.  Last updated June 3, 2019 and posted on investopedia.com.  Online: >https://www.investopedia.com/investing/companies-owned-by-google/<

[65] Nathan Reiff.  Top 7 Companies Owned By Apple.  Last updated May 16, 2019 on investopedia.com.  Online: >https://www.investopedia.com/investing/top-companies-owned-apple/<

[66] Nathan Reiff.  Top 7 Companies Owned by Amazon.  Last updated May 18, 2019 on investopedia.com.  Online: >https://www.investopedia.com/articles/markets/102115/top-10-companies-owned-amazon.asp<

[67] Chris Hughes. Opinion.  The Privacy Project.  It’s Time to Break Up Facebook.  Posted May 9, 2019 on nytimes.com.  Online: >https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html?<

[68] United States Senator Mark R. Warner (D-VA), Vice-Chairman, Senate Intelligence Committee, United States Senate. White Paper (DRAFT).  Potential Policy Proposals for Regulation of Social Media and Technology Companies.  Visited June 6, 2019 and posted on scribd.com.  Online: >https://www.scribd.com/document/385137394/MRW-Social-Media-Regulation-Proposals-Developed#from_embed<

[69] United States Senator Warner, Mark R. [D-VA]; United States Senator Fischer, Deb [R-NE], Co-sponsors.  S.1084 –Deceptive Experiences To Online Users Reduction Act.  Introduced April 9, 2019 in the 116^th Congress, 1^st Session (2019-2020).  Visited June 19, 2019 and posted on congress.gov.  Online: >https://www.congress.gov/bill/116th-congress/senate-bill/1084/text?q=%7B%22search%22%3A%5B%22congressId%3A116+AND+billStatus%3A%5C%22Introduced%5C%22%22%5D%7D&r=17&s=1<

[70] Supra note 68 at p 1.

[71] Id. at page p 3.

[72] Id. at p 4.

[73] United States Senator Mark R. Warner (D-VA), Vice-Chairman, Senate Intelligence Committee, United States Senate. White Paper (DRAFT).  Potential Policy Proposals for Regulation of Social Media and Technology Companies, at pp 6-14.  Visited June 6, 2019 and posted on scribd.com.  Online: >https://www.scribd.com/document/385137394/MRW-Social-Media-Regulation-Proposals-Developed#from_embed<

[74] Id. at pp 14-19.

[75] Id. at pp 19-23.

[76] Id. at p 17.

[77] Press Release.  Office of Senator Mark R. Warner (Democrat, Virginia).  Senators Introduce Bipartisan Legislation to Ban Manipulative ‘Dark Patterns’.  Posted April 9, 2019 on warner.senate.gov.  Online:   >https://www.warner.senate.gov/public/index.cfm/2019/4/senators-introduce-bipartisan-legislation-to-ban-manipulative-dark-patterns<  See also Press Release.  Office of Senator Deb Fischer (Republican, Nebraska).  SENATORS INTRODUCE BIPARTISAN LEGISLATION TO BAN MANIPULATIVE ‘DARK PATTERNS’.  Posted April 9, 2019 on fischer.senate.gov.  Online: >https://www.fischer.senate.gov/public/index.cfm/2019/4/senators-introduce-bipartisan-legislation-to-ban-manipulative-dark-patterns<

[78] Nicole Lindsey.  New Senate Bill Targets Dark Patterns Used by Big Tech Giants.  Posted April 25, 2019 on cpomagazine.com.  Online: >https://www.cpomagazine.com/data-protection/new-senate-bill-targets-dark-patterns-used-by-big-tech-giants/<

[79] Id.

[80] United States Senator Warner, Mark R. [D-VA]; United States Senator Fischer, Deb [R-NE], Co-sponsors.  S.1084 –Deceptive Experiences To Online Users Reduction Act, at §2(3) Definitions: Compulsive Usage.  Introduced April 9, 2019 in the 116^th Congress, 1^st Session (2019-2020).  Visited June 19, 2019 and posted on congress.gov.  Online: >https://www.congress.gov/bill/116th-congress/senate-bill/1084/text?q=%7B%22search%22%3A%5B%22congressId%3A116+AND+billStatus%3A%5C%22Introduced%5C%22%22%5D%7D&r=17&s=1<

[81] Id. at §2(5) Definitions: Informed Consent.

[82] Id. at §3(b)(3)(A).

[83] Id. at §(3)(b).

[84] Id. at §2(6) Definitions: Large Online Operator.

[85] United States Senator Warner, Mark R. [D-VA]; United States Senator Fischer, Deb [R-NE], Co-sponsors.  S.1084 –Deceptive Experiences To Online Users Reduction Act, at §2(4) Definitions: Independent Review Board; §3(b)(4)-(5).  Introduced April 9, 2019 in the 116^th Congress, 1^st Session (2019-2020).  Visited June 19, 2019 and posted on congress.gov.  Online: >https://www.congress.gov/bill/116th-congress/senate-bill/1084/text?q=%7B%22search%22%3A%5B%22congressId%3A116+AND+billStatus%3A%5C%22Introduced%5C%22%22%5D%7D&r=17&s=1<

[86] Ibid.

[87] Supra note 85 at §3(c).

[88] Id. at §3(d).

[89] For a very deep dive on the meaning and usage (in Europe) of dark patterns, see e.g. The Norwegian Consumer Council (ForbrukerRådet).  DECEIVED BY DESIGN: How tech companies use dark patterns to discourage us from exercising our rights to privacy.  Posted June 27, 2018 on forbrukerradet.no.  Online: >https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf<

[90] Olivia Solon.  Google’s ad tracking is as creepy as Facebook’s. Here’s how to disable it.  Posted October 21, 2016 on theguardian.com.  Online: >https://www.theguardian.com/technology/2016/oct/21/how-to-disable-google-ad-tracking-gmail-youtube-browser-history<  See also John Brownlee.  Evidence.  After Lawsuit Settlement, LinkedIn’s Dishonest Design Is Now A $13 Million Problem.  Posted October 5, 2015 on fastcompany.com.  Online: >https://www.fastcompany.com/3051906/after-lawsuit-settlement-linkedins-dishonest-design-is-now-a-13-million-problem<

[91] Michal Addady.  Merchants Say Amazon Is Copying Their Products.  Posted April 20, 2016 on fortune.com.  Online: >http://fortune.com/2016/04/20/amazon-copies-merchants/<

[92] Foo Yun Chee.  Business News.  Apple in Dutch antitrust spotlight for allegedly promoting own apps.  Posted April 11, 2019 on reuters.com.  Online: >https://www.reuters.com/article/us-apple-antitrust-netherlands/apple-in-dutch-antitrust-spotlight-for-allegedly-promoting-own-apps-idUSKCN1RN215<  See also Jack Nicas.  Google Uses Its Search Engine to Hawk Its Products.  Posted January 19, 2017 on wsj.com.  Online: >https://www.wsj.com/articles/google-uses-its-search-engine-to-hawk-its-products-1484827203<  See also Eugene Kim.  Amazon has been promoting its own products at the bottom of competitors’ listings.  Posted October 2, 2018 and Updated March 18, 2019 on cnbc.com.  Online: > https://www.cnbc.com/2018/10/02/amazon-is-testing-a-new-feature-that-promotes-its-private-label-brands-inside-a-competitors-product-listing.html<  See also Steven J. Vaughan-Nichols for Linux and Open Source.  MariaDB CEO accuses large cloud vendors of strip-mining open source.  Posted February 27, 2019 on zdnet.com.  Online: >https://www.zdnet.com/article/mariadb-ceo-accuses-large-cloud-vendors-of-strip-mining-open-source/<  Quoting and paraphrasing Michael Howard, CEO of the database server open source collaboration, MariaDB.  “Howard doesn’t have much against AWS promoting its own brands. “”That’s just merchandising. They’re welcome to do that. I don’t think it’s the right thing to do.  Right. But I’m not gonna I’m not going to be really super critical of that. Like, when you go into a pharmacy, they generally have sales on their own native things.’” But, if AWS’s going out of its way to make a rival service look inferior to its own, well, Howard’s not happy about that.” [Emphasis added].

[93] Mehvish.  Snapchat features borrowed by Facebook, WhatsApp and Instagram.  Posted April 5, 2017 on theandroidsoul.com.  Online: > https://www.theandroidsoul.com/snapchat-features-borrowed-by-facebook-whatsapp-and-instagram/<

[94] Chris Hughes.  Opinion.  The Privacy Project.  It’s Time to Break Up Facebook.  Posted May 9, 2019 on nytimes.com.  Online: >https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html?<  Chris Hughes, the co-founder of Facebook, speaks of Facebook’s sheer dominance and a fear of its incumbency, stymying competition and investment in those startups that might one day grow to compete with it (if allowed to even exist for more than an instant, before being bought-up or otherwise curtailed); and he says that this sequence of events replicates in other dominated fields, but not in those that are free of dominance.

[95] Michael Kwet.  Opinion.  The Privacy Project.  In Stores, Secret Surveillance Tracks Your Every Move.  Posted June 14, 2019 on nytimes.com.  Online: >https://www.nytimes.com/interactive/2019/06/14/opinion/bluetooth-wireless-tracking-privacy.html<

[96] Dave Lee North America technology reporter.  Facebook may be ‘pivoting’ to something worse.  Posted July 2, 2019 on bbc.com.  Online: >https://www.bbc.com/news/technology-48835250<  This article decries the increasing prevalence of private Facebook “Groups” that are hard to monitor, harder to find, and that can feed on ever more disinformation and fake news in silos of isolation, potentially making members ever more radical and extreme.  But see contra.  The Canadian Press.  Some tech giants sign onto Canada’s declaration on electoral integrity.  Posted May 27, 2019 on timescolonist.com.  Online: > https://www.timescolonist.com/some-tech-giants-sign-onto-canada-s-declaration-on-electoral-integrity-1.23834687<  Facebook, Alphabet/Google, and Microsoft joined on a declaration to protect the integrity of this year’s (Q3/Q4 2019) pending Canadian federal elections.  See also contra Sara Carter.  Breaking: Twitter Confirms New Policy to ‘Hide Tweets’ but Claims It’s “In the Public Interest”.  Posted June 27, 2019 on saracarter.com.  Online: >https://saraacarter.com/breaking-twitter-confirms-new-policy-to-hide-tweets-but-claims-its-in-the-public-interest/<  See further Twitter Safety.  Defining public interest on Twitter.  Posted June 27, 2019 on twitter.com.  Online:  >https://blog.twitter.com/en_us/topics/company/2019/publicinterest.html<  Twitter also appears to have gotten the message to get serious about dealing with some of the online negativity spread by those most widely-followed “Internet Influencers” of our times.  See also supra, note 47 and accompanying text (at 5 Principles).

[97] Chris Hughes. Opinion.  The Privacy Project.  It’s Time to Break Up Facebook.  Posted May 9, 2019 on nytimes.com.  Online:  >https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html?<  Chris Hughes, the co-founder of Facebook, speaks of how U.S. lawmakers were slow to move partly because they were in awe of Facebook and its colleagues in big tech, such as Amazon and Netflix, and partly because the American public did not see those lawmakers as “hip enough” to meet (or even understand) the modern task of technology regulation, let alone the tech. landscape.

“For too long, lawmakers have marveled at Facebook’s explosive growth and overlooked their responsibility to ensure that Americans are protected and markets are competitive. (…).  After Mark’s congressional testimony last year, there should have been calls for him to truly reckon with his mistakes. Instead the legislators who questioned him were derided as too old and out of touch to understand how tech works.  That’s the impression Mark wanted Americans to have, because it means little will change.”

In addition to the European experiences and fines regarding big U.S. tech, and despite a home nation that champions freedom of speech and is really not at all in favor of generalized censorship, India and Saudi Arabia have now acted to restrict Netflix.  See e.g. India Today Web Desk.  SC issues notice to Centre to regulate Netflix, Amazon Prime content.  Posted May 10, 2019 on indiatoday.in.  Online: >https://www.indiatoday.in/television/top-stories/story/sc-issues-notice-to-centre-to-regulate-netflix-amazon-prime-video-content-1521635-2019-05-10<  See also Emily Dreyfuss.  Culture.  Saudi Arabia Won’t Be the Last Country to Censor Netflix.  Posted January 3, 2019 on wired.com.  Online: >https://www.wired.com/story/saudi-arabia-netflix-censorship/<

[98] See supra, notes 48, 49, and 50 and accompanying text for some of these recent U.S. Regulator actions

[99] Chris Hughes. Opinion.  The Privacy Project.  It’s Time to Break Up Facebook.  Posted May 9, 2019 on nytimes.com.  Online:  >https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html?<  Chris Hughes, the co-founder of Facebook, speaks on the potential benefits of innovation for the creative public, in competition for the consuming public, and for commerce itself, if Facebook were broken-up.

[100] Joe Williams.  Trump: US should sue Google for ‘trying to rig’ the 2020 elections.  Posted June 26, 2019 on foxbusiness.com.  Online: >https://www.foxbusiness.com/technology/trump-us-should-sue-google-facebook<

[101] Elizabeth Warren.  Here’s how we can break up Big Tech.  Posted March 8, 2019 on medium.com.  Online: >https://medium.com/@teamwarren/heres-how-we-can-break-up-big-tech-9ad9e0da324c<

[102] Id.; Supra, note 100.

[103] Zak Doffman.  U.S. Authorities Target Zuckerberg As Facebook ‘Buries’ Huge Instagram Password Breach.  Posted April 19, 2019 on forbes.com.  Online: >https://www.forbes.com/sites/zakdoffman/2019/04/19/u-s-authorities-target-zuckerberg-as-instagram-security-breach-hits-millions/#5f87ea965062<  As it was revealed, Facebook had not properly revealed a breach, in the fact that its own employees had near unfettered access to (and did, serially so access), customer data, and the author cites to sources stating that “some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.”  There is also no global law or remedy to control how privacy is to be managed or policed on dominant global platforms.

[104] Bill Thompson, Rhianne Jones.  BBC Research and Development.  Introducing the BBC Box.  Posted June 18, 2019 and last updated July 2, 2019 on bbc.com.  Online: >https://www.bbc.co.uk/rd/blog/2019-06-bbc-box-personal-data-privacy<

[105] Thomson Reuters.  Businesses Struggling with GDPR After One Year, Says Thomson Reuters Survey.  Posted May 22, 2019 on thomsonreuters.com.  Online:  >https://www.thomsonreuters.com/en/press-releases/2019/may/businesses-struggling-with-gdpr-after-one-year-says-thomson-reuters-survey.html<

[106] – RESERVED –

Monopolies and Market Dominance in the “GIG” eConomy? We are Getting There!

February 19, 2018

REVIEW –

In mid-July of last year (A.D. 2017), I wrote a piece on monopolies and market dominance in the Gig eConomy, and concluded that there wasn’t any “traditional” comparability between the old and new economies, but through a hybridized analysis I did concede that monopoly and market dominance were possible, and could be easily seen when they appeared or threatened to appear.[1]  I will now go out on a limb and state that I think one particular entity may well be approaching that line …. Amazon!

 

SCHEMA –

With specific focus on the FAAAN group of Facebook, Amazon, Alphabet/Google, Apple, and Netflix,[2] I had looked at the standard market sectors and Monopoly / Antitrust analytical frameworks and mixed the old with the new to devise a total of 5 (“five”) hybrid sectors that covered everything from farming, through manufacturing and eCommerce, to such gig economy staples as food delivery, ride-hailing, and cloud services.  These 5 sectors (with each one also having several sub-sectors), were as follows:

(1)          General Goods and Services Sector;

(2)          Specialized Goods and Services Sector;

(3)          Digital Tools, Applications, and Services Sector;

(4)          Social infotainment Sector;

(5)          Gig eConomy Sector.[3]

Next, selecting the Specialized Goods and Services Sector, I had included 8 (“eight”) sub-sectors as follows:

(i)  Conglomerates;

(ii)  Financial Services;

(iii)  Food;

(iv)  Health and Wellness;

(v)  Information Communications Technologies;

(vi)  Information Data Technologies;

(vii)  Personal Services;

(viii)  Shelter.[4]

 

ANALYSIS –

Amazon is already a conglomerate, offering Information Communications Technologies (Amazon Web Services); Information and Data Technologies (such as Amazon Echo); other Services (order fulfillment for food and beverages through Fresh and Amazon Restaurants, and for consumer products and general goods through the Amazon.com marketplace); and operating in technology, industry, and manufacturing through the many Amazon and non-Amazon branded products that it owns and regarding which it conducts research and development as through Annapurna Labs for example, or that it otherwise makes available through AmazonBasics and Amazon Private Label),[5] amongst others.[6]

One could always have suspected, but not predicted as to when, that Amazon would expand into other areas.  However, within less than 8 (“eight”) months to date, we have heard or seen Amazon’s expansion announcements: further into Transportation, with its own fleet of trucks, planes, and drones destined to pickup and deliver parcels and other goods for both itself and other vendors through Shipping with Amazon (SWA);[7] further into Food, with its purchase of the organic grocer, Whole Foods Market;[8] and initially into Health and Wellness, with its announcement to partner with Berkshire Hathaway and JPMorgan Chase in establishing a healthcare entity to “create solutions that benefit our U.S. employees, their families and, potentially, all Americans.”[9]

It being the case that transportation was already a line item (“Leisure, Property, and Transportation”) within Conglomerates,[10] and because there is no standalone category for it, Amazon gets a pass on that “existing service, line-item”.  However, the Whole Foods Market purchase and the healthcare initiative represent new, “standalone divisions” under the schema, and therefore expansions into further sub-sectors under General Goods and Services, as shown.

When one considers the existing ownership by Mr. Bezos of the Washington Post newspaper,[11] under Information Communications Technologies (publishing and printed media), the presence of Amazon Echo within Personal services (virtual assistants), and Amazon Web Services, itself (Information and Data Technologies), we can more clearly see that Amazon and its Chief Executive are now substantially present in 6 (“six”) of the 8 (“eight”) subsectors for Specialized Goods and Services.

Those substantially untouched subsectors, are: (ii) Financial Services; and (viii) Shelter.

If Amazon were to delve further into (or grow its volume or revenue substantially in) banking than its payment services and debit cards (Amazon Cash), or its small business loans that surpassed $3 billion in 2017;[12] or if it bought an established “brick and mortar” or “online” financial services entity outright in the United States or Canada;[13] or if it leveraged block chain technology to form a standalone financial services entity – whether by itself or with one or more partners and regardless of whether it was in the United States or Canada,[14] it would have become firmly and undeniably entrenched in that financial services sector.

Also, if Amazon were, for example, to purchase a major builder or cruise and travel operator, a major hotelier or landlord, or a major building services and maintenance provider,[15] it would have become firmly and undeniably entrenched in that shelter subsector.

Hence, we would see complete sector presence, “sector octo-occupation”, or “sector octopedence”, and the potential for a monopoly – or at the very least a modern Chaebol,[16] Keiretsu,[17] or perhaps even something more.[18]

 

SUMMARY –

As I had said in the July, 2017 article:

“It is only if, and when, well-funded market operators start to occupy whole sectors (in the new schema laid out here) … that we should start to worry about abuse of dominant positions, monopolies, and over-concentration in the control of personal data”.[19]

Some readers may ask how mere presence in a subsector can equate to monopoly or lead to a dominant market position and its abuse?  The answer is that the whole is greater than the sum of its parts, and when a small, mid-size, or large entity is supported by a parent company’s constantly renewable cash hoard, raw analytical and computing power, intimate knowledge of consumer tastes and purchase  histories, ancillary and mutually supporting businesses, and a first mover advantage in synergizing all of these, you may have a monopoly right from the gate if others cannot compete with their pricing and service terms, enter the market with a fighting chance, or nimbly adapt and persist once it moves to match or better them at what they do, and what they did, and how.

 

PREDICTION –

Admittedly, as one notable commentator has said, traditional economic analysis will still find no monopoly or antitrust red flags, or market dominance in the FAAAN entities, as yet,[20] and some readers may disagree with my analysis and conclusions.   But, let’s watch this space and see whether or not Amazon and its CEO make decisive and deeper moves into either or both of “Finance” and “Shelter” as outlined above, and sometime within the next 4-6 months, or at least before the close of calendar 2018.

I really think and predict, that we will see such a decisive move or moves from Mr. Bezos and Amazon.  But, only time will tell, for certain.[21]

**********************************************************************

Author:

Ekundayo George is a lawyer and sociologist.  He has also taken courses in organizational and micro-organizational behavior, and gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.  He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

**********************************************************************

[1] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<

[2] Id, at Introduction.

[3] Id, at Sectors (Specialized Goods and Services Sector).

[4] Id, at Specialized Goods and Services Sector (Subsectors).

[5] Ibid.  Under this schema, Amazon has therefore occupied all 5 of the conglomerate sub-elements or variants.  See e.g. Shareen Pathak.  In 2018, Amazon will turn to private label goods.  Posted December 29, 2017 on digiday.com.  Online: >https://digiday.com/marketing/2018-brand-amazon-will-turn-private-label/< See also Leon Doitscher.  Why Amazon Paid $350 Million for Annapurna Labs.  Posted January 26, 2015 on medium.com.  Online: >https://medium.com/chasing-buzzwords/why-amazon-paid-350-million-for-annapurna-labs-9026527d3fb9<

[6] Tara Johnson.  The Complete List of Amazon’s Private Label Brands.  Posted July 5, 2017 on cpcstrategy.com.  Online: >http://www.cpcstrategy.com/blog/2017/07/amazons-private-label-brands/<

[7] Jack Roberts.  Amazon Moves to Launch Its Own Delivery Fleet.  Posted February 12, 2018 on truckinginfo.com.  Online: >http://www.truckinginfo.com/channel/fleet-management/news/story/2018/02/reports-amazon-moves-to-launch-its-own-p-d-fleet.aspx<

[8] Sarah Butler and Zoe Wood.  Amazon to buy Whole Foods Market in $13.7bn deal.  Posted June 16, 2017 on theguardian.com.  Online: >https://www.theguardian.com/business/2017/jun/16/amazon-buy-whole-foods-market-organic-food-fresh<

[9] Tom Murphy – The Associated Press.  Amazon to create new health-care company with Berkshire Hathaway, JPMorgan.  Posted January 30, 2018 on thestar.com.  Online: >https://www.thestar.com/business/2018/01/30/amazon-to-create-new-health-care-company-with-berkshire-hathaway-jpmorgan.html< This quotation in the article headline was attributed to Jamie Dimon, the Chairman and CEO of JP Morgan Chase.  Also according to the article, these three companies have a combined U.S. workforce of approximately 1 million, and the U.S. employer-sponsored healthcare market covers some 167 million employees.

[10] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<

[11] Monica Nickelsburg.  Washington Post profitable and growing for two years under Jeff Bezos’ ownership.  Posted January 9, 2018 on geekwire.com.  Online: >https://www.geekwire.com/2018/washington-post-profitable-growing-two-years-jeff-bezos-ownership/<

[12] By Jeffry Pilcher.  Amazon Bank: Will Banking’s Worst Nightmare Come True in 2018?  Posted January 2, 2018 on thefinancialbrand.com.  Online: https://thefinancialbrand.com/69436/amazon-bank/<

[13] Ibid.

[14] See generally World Economic Forum.  Beyond Fintech: A Pragmatic Assessment Of Disruptive Potential In Financial Services.  Published August 22, 2017 on weforum.org.  Online: >https://www.weforum.org/reports/beyond-fintech-a-pragmatic-assessment-of-disruptive-potential-in-financial-services<

[15] Amazon Hub, is actually a locker system that Amazon pays landlords to host with a one-time fee, as a means of facilitating and further securing its package deliveries to customers.  Should the payments be reversed and become an “As a Service” offering or otherwise require some periodic fee to Amazon, then yes, Amazon will become the landlord for that limited purpose.  See generally Laura Kusisto.  Amazon and Big Apartment Landlords Strike Deals on Package Delivery.  Posted October 17, 2017 on foxbusiness.com.  Online: >http://www.foxbusiness.com/features/2017/10/17/amazon-and-big-apartment-landlords-strike-deals-on-package-delivery-update.html<

[16] Wikipedia.  Chaebol.  Posted on Wikipedia.com.  Online: >https://en.wikipedia.org/wiki/Chaebol<

[17] Wikipedia.  Keiretsu.  Posted on Wikipedia.com.  Online: >https://en.wikipedia.org/wiki/Keiretsu<

[18] I am toying with the words “NeoRetsu” (new age Keiretsu), or “IchiBol”, because “ichi” means “number one”, in Japanese, and IchiBol just so happens to combine both the Korean and Japanese languages, and both business concepts: the Chaebol as a family-owned business with centralized management by family members, and the Keiretsu as a family of businesses with professional managers, centred on a core bank (or a money machine).

[19] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com at “Summary”  Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<  at Summary.

[20] Greg Ip.  The Antitrust Case Against Facebook, Google and Amazon.  Posted January 16, 2018 on wsj.com.  Online: >https://www.wsj.com/articles/the-antitrust-case-against-facebook-google-amazon-and-apple-1516121561<

[21] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: Regulatory Rumblings Rattle the Ranks.  Posted July 7, 2019 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2019/07/07/monopolies-and-market-dominance-in-the-gig-economy-regulatory-rumblings-rattle-the-ranks/<

hiQ Labs v. LinkedIn: When is Public Speech (or a Public Whisper), Private?

September 9, 2017

BACKGROUND:

 

SPEECH –

An example of “public speech”, in this context, would be an open and notorious change to one’s LinkedIn profile, such as adding a project, an interest, or a competency and skill; and then positively choosing to publicize these profile changes to one’s network.

 

WHISPER –

An example of a “public whisper”, in this context, would be changing one’s skills or communication preferences to show openness to career opportunities, thereby letting recruiters know that one might be interested in opportunities; willingly sharing one’s LinkedIn profile with potential recruiters; or making a public speech as above, but then “specifically” choosing to not announce this profile change to one’s network or to members of the general public.

 

LINKEDIN –

LinkedIn    (“LinkedIn”) is a very widely-used networking site that allows users to choose between making such public speech and public whispers, in their settings preferences.

 

hiQ –

hiQ Labs, Inc. (“hiQ”), is a data analytics entity that has developed and deployed automated “bots” that can access public speech and that last definitional element of a public whisper[1] (hushed or stealthy profile changes) on LinkedIn in a Skill Mapper, allegedly not always in accordance with LinkedIn user-selected visibility preferences,[2] and then further share, publicize or sell the results whether in the raw or aggregated formats to its own customer base of interested employers and parties and persons attempting to contact such job-seeking, job-interested, and passively job interested LinkedIn users.

 

“Companies like LinkedIn, Twitter and Facebook view scraping of the data generated by their users not just as theft – they sometimes charge to license data (to higher level business users) – but a violation of their users’ privacy, because some information can be limited so not all users can view it”[3] [additional words in parentheses].

 

Understandably, LinkedIn, “which charges recruiters, salespeople and job hunters for higher levels of access to profile data”,[4] issued a 3-page cease-and-desist letter to hiQ on May 23, 2017,[5] advising the recipient that it was in violation of the LinkedIn user agreement with those behaviours, notifying  the recipient that additional security precautions had been implemented to prevent any recurrence, demanding that the recipient delete and destroy all such “improperly obtained material” in its possession or custody or control, and putting the recipient on notice that any further such behaviour would be in violation of applicable state and federal laws, with citation to a leading 2015 case in that jurisdiction of the United States federal District Court for the Northern District of California (USDC, NDCA), in which the court had barred similar “website data scraping” conduct.[6]

 

hiQ promptly filed for a Temporary Restraining Order (TRO) in California federal court (USDC, NDCA),[7] to bar any actual application of that cease-and-desist language pending ultimate determination of the underlying matters in a court of competent jurisdiction.  And so it was, that on Monday, August 14, 2017, the court granted hiQ its TRO.[8]

 

 

ANALYSIS:

 

CRAIGSLIST –

In the case that LinkedIn cited within its cease-and-desist letter to hiQ, Craigslist, Inc., had filed a Complaint against the defendant, but the defendant had not timely answered.  As a result, Craigslist then applied for and was granted, a Default Judgement.[9]  According to the ruling, a certain Brian Niessen, a Craigslist user, had answered a Craigslist advertisement posted by another Craigslist user, for a “Skilled Hacker at Scraping Web Content”.[10]  Niessen had described himself as a hacker, and professed that he was already scraping several thousand websites, including “[c]raigslist, Twitter, Groupon, Zagat, and others.”[11]  3taps then entered into a business relationship with Niessen to continue his scraping, for them, which Craigslist stated was in violation of its terms of use (TOU) and constituted a breach of contract because Niessen, as a registered Craigslist user, had agreed to the TOU on several occasions.[12]

 

“The TOU prohibit, among other things, “[a]ny copying, aggregation, display, distribution, performance or derivative use of craigslist or any content posted on craigslist whether done directly or through intermediaries, […]””[13]

 

Craigslist did secure injunctions against the Niessen co-defendants, including Lovely, PadMapper, and 3taps.[14]  However, Niessen – named along with those co-defendants in the Amended Complaint with its 17 Claims for Relief,[15] was somewhat more elusive; as he was first difficult to effectively serve with the Complaint, and then after being served, he failed to provide an answer within the specified time.[16]  As a result, the Clerk of Court first entered a Notice of Default against Niessen, and then Craigslist made Motion for a Default Judgement against Niessen, which the court granted.[17]

 

 

LINKEDIN –

LinkedIn had sought a response by May 31, 2017 to its cease-and-desist letter of May 23, 2017.[18]  However, hiQ filed its Complaint for Declaratory and Injunctive relief against LinkedIn on June 7, 2017.[19]  In summary, with the first paragraph of the Introduction for same, hiQ writes:

 

“This is an action for declaratory relief under the Declaratory Judgment Act, 28 U.S.C. § 2201 and 2202, and for injunctive relief under California law.  hiQ seeks a declaration from the Court that hiQ has not violated and will not violate federal or state law by accessing and copying wholly public information from LinkedIn’s website.  hiQ further seeks injunctive relief preventing LinkedIn from misusing the law to destroy hiQ’s business, and give itself a competitive advantage through unlawful and unfair business practices and suppression of California Constitutional free speech fair guarantees.  hiQ also seeks damages to the extent applicable.”[20]

 

hiQ did promptly and appropriately seek and retain counsel to engage in discussions with LinkedIn upon receipt of the cease-and-desist letter, in order to better understand LinkedIn’s position and seek an accommodative solution to their serious differences.[21]  LinkedIn argued through counsel that it was protecting the interests of its users and seeking to remedy violations of state and federal laws; and hiQ argued through counsel that not only did LinkedIn lack any proprietary interests in the posted data, which was still owned by its users, but that LinkedIn was therefore attempting to “pervert the purpose of the laws at issue by using them to destroy putative competitors, engage in unlawful and unfair business practices and suppress the free speech rights of California citizens and businesses.”[22]

 

On May 30, 2017, hiQ then sent its own letter to LinkedIn seeking the ongoing interim website access that would allow it to persist as a going concern – because “complying with LinkedIn’s demands would essentially destroy hiQ’s business”,[23] while continuing discussions towards “a mutually amicable resolution” of their impasse.  However, on receiving no response, hiQ filed its Complaint for declaratory and injunctive relief.[24]

 

 

HIQ –

The parties entered into a standstill agreement that preserved hiQ’s access to the public LinkedIn data, and agreed to convert hiQ’s original motion into one for a preliminary injunction, after the court had heard the initial party arguments on the hiQ complaint on July 27, 2017.[25]  In California federal District Court, “[a] plaintiff seeking a preliminary injunction must establish that he is likely to succeed on the merits, that he is likely to suffer irreparable harm in the absence of preliminary relief, that the balance of equities tips in his favor, and that an injunction is in the public interest.”[26]  Within the United States Court of Appeals for the Ninth Circuit, which lays-down controlling precedent for United States Federal District Courts in California and several other states and territories,[27] there is a sliding scale for the standard of proof on these elements; which means “a stronger showing of one element may offset a weaker showing of another.”[28]

 

The court also grappled, inter alia, with the language of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030,[29] which prohibits and sanctions unauthorized (whether lacking authorization ab initio or with authorization later revoked), or improperly elevated or improperly applied access to a computer or computer system, because although the LinkedIn profiles were public, they rested on one or more private servers, which were computers.[30]  However, as the court finally opined, “[…] hiQ has, at the very least, raised serious questions as to applicability of the CFAA to its conduct.”[31]

 

“The CFAA must be interpreted in its historical context, mindful of Congress’ purpose. The CFAA was not intended to police traffic to publicly available websites on the Internet – the Internet did not exist in 1984. The CFAA was intended instead to deal with “hacking” or “trespass” onto private, often password-protected mainframe computers.”[32]

 

With regard to hiQ‘s claims that the LinkedIn conduct had violated applicable California free speech laws, the court was more circumspect.  hiQ had cited to Robins v. Pruneyard Shopping Ctr.,[33] a case involving attempts to curtail political speech in a privately-owned shopping mall, to analogize that the LinkedIn site was a public forum akin to a shopping mall with guaranteed free access, free speech, and free association, because “[…] the state’s guarantee of free expression may take precedence over the rights of private property owners to exclude people from their property.”[34]

 

The court was very loathe to start traveling down this most slippery of slopes, stating that: no court had, as yet, extended Pruneyard to the internet in so complete a manner; unlike a shopping mall, the Internet had no single controlling authority; there may result significant repercussions on the capacity of social media hosts to curate posted materials in such a public forum; and there was a lingering question as to whether the same rules would apply to the websites of small, medium, and large entities, alike.[35]  The court therefore concluded, that “[i]n light of the potentially sweeping implications discussed above and the lack of any more direct authority, the Court cannot conclude that hiQ has at this juncture raised “serious questions” that LinkedIn’s conduct violates its constitutional rights under the California Constitution.”[36]

 

On the balance, the court agreed that hiQ had raised enough of a question as to whether LinkedIn’s actions against it had violated the provisions of California’s Unfair Competition Law (UCL)[37] by “leveraging its power in the professional networking market for an anticompetitive purpose”;[38] disagreed that hiQ had either claimed to be a third-party beneficiary of LinkedIn’s promise to its users that they could control the publicity of their profiles, or shown that a third-party could assert such a claim of promissory estoppel in the first instance;[39] and agreed that the public interest favoured a granting of hiQ’s injunction, because “[i]t is likely that those who opt for the public view setting expect their public profile will be subject to searches, date (sic) mining, aggregation, and analysis.”[40]

 

 

CONCLUSION:

 

Of note, regarding all of its claims and especially the estoppel claim, hiQ had also argued that LinkedIn had long acquiesced to its usage of the website and publicly available user data in this way; including attending hiQ conferences where the host thoroughly explained its methodology and business model, and even gave at least one LinkedIn employee an award.[41]  Indeed, some industry commentators have opined that LinkedIn has merely had a change in policy subsequent to its acquisition by Facebook which the courts should not enjoin, and they foresee several other negative repercussions from the outcome of this case if hiQ prevails, and they expect LinkedIn to appeal the District Court ruling.[42]  However, there are also several strong voices supporting hiQ that see negative repercussions if LinkedIn prevails.[43]

 

Suffice it so say that for now, LinkedIn has been Ordered to withdraw its cease and desist letters to hiQ, and stop blocking hiQ, both with immediate effect from the August 14, 2017 date of the Order of Edward M. Chen, United States District Judge.[44]

 

We await LinkedIn’s appeal,[45] if any, but in the interim …… all who so do, are advised to publicly shout, and to publicly whisper, with caution, because they never know who might be cataloguing their words – and where those words that they own might land; (or more specifically, land the originator of those very words) in this Gig e-conomy[46] that exemplifies the gentle admonition that “sharing is daring!”

 

 

*********************************************************************

 

Author:

Ekundayo George is a lawyer and sociologist.  He is a keen student of organizational and micro-organizational behavior and has gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services and Public Finance, Public Procurement, Healthcare and Public Pensions, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.

 

Of note, Mr. George has now worked at the municipal government, provincial government, and federal government levels in Canada, as well as at the municipal government, state government, and federal government levels in the United States.  He is also a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and enjoys complex systems analysis in legal, technological, and societal milieux.

 

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

 

 

[1] See Infra note 7 at Introduction, ¶2.  hiQ does specifically state in its Complaint, that: “hiQ does not analyze the private sections of LinkedIn, such as profile information that is only visible when you are signed-in as a member, or member private data that is visible only when you are “connected” to a member. Rather, the information that is at issue here is wholly public information visible to anyone with an internet connection.”  But See HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 6.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>…

“LinkedIn maintains that […] while the information that hiQ seeks to collect is publicly viewable, the posting of changes to a profile may raise the risk that a current employee may be rated as having a higher risk of flight under Keeper even though the employee chose the Do Not Broadcast setting. hiQ could also make data from users available even after those users have removed it from their profiles or deleted their profiles altogether. LinkedIn argues that both it and its users therefore face substantial harm absent an injunction; if hiQ is able to continue its data collection unabated, LinkedIn members’ privacy may be compromised, and the company will suffer a corresponding loss of consumer trust and confidence” [emphasis added].

[2] Id. at Introduction, ¶5.  On this point, hiQ writes to specify LinkedIn’s 5 levels of profile visibility preference, and emphasize its own limited access to and use of same:

“LinkedIn members can choose to (1) keep their profile information private; (2) share only with their direct connections; (3) share with connections within three degrees of separation; (4) allow access only to other signed-in LinkedIn members, or (5) allow access to everyone, even members of the general public who may have no LinkedIn account and who can access the information without signing in or using any password. It is only this fifth category of information – wholly public profiles – that is at issue here: hiQ only accesses the profiles that LinkedIn members have made available to the general public.”

[3] Thomas Lee.  LinkedIn, HiQ Spat Presents Big Questions for Freedom, Innovation.  Published July 8, 2017 on sfchronicle.com.  Web: <http://www.sfchronicle.com/business/article/LinkedIn-HiQ-spat-presents-big-questions-for-11274133.php#comments>

[4] Ibid.

[5] LinkedIn Corporation.  RE: Demand to Immediately Cease and Desist Unauthorized Data Scraping and other Violations of LinkedIn’s User Agreement.  Letter dated May 23, 2017.  Web: <https://static.reuters.com/resources/media/editorial/20170620/hiqvlinkedin–ceaseanddesist.pdf>

[6] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[7] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017).  COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF. Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[8] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[9] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[10] Id. at 2.

[11] Ibid.

[12] Id. at 3.

[13] Id. at 2.

[14] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 3.  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[15] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. November 20, 2012).  First Amended Complaint.

Web: <http://www.3taps.com/images/pics/430_Amended Compalint .pdf>

[16] Supra note 14 at 3.

[17] Ibid.

[18] LinkedIn Corporation.  RE: Demand to Immediately Cease and Desist Unauthorized Data Scraping and other Violations of LinkedIn’s User Agreement.  Letter dated May 23, 2017.  Web: <https://static.reuters.com/resources/media/editorial/20170620/hiqvlinkedin–ceaseanddesist.pdf>

[19] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017). COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF.  Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[20] Id. at Introduction, ¶1.

[21] Id. at ¶¶27-8.

[22] Id. at ¶28.

[23] Id. at ¶¶34, 38, 46.

[24] Id. at ¶29.

[25] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 3.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>…

[26] Id. at 4.

[27] The United States Court of Appeals for the Ninth Circuit covers Alaska, Arizona, California, Guam, Hawaii, Idaho, Montana, Nevada, the Northern Mariana Islands, Oregon, and Washington state.  See generally Geographical Boundaries of United States Courts of Appeals and United States District Courts.  Online: <https://www.supremecourt.gov/about/Circuit Map.pdf>

[28] Supra note 25 at 4.

[29] Congress of the United States, United States Code.  18 USC 1030: Fraud and related activity in connection with computers.  Title 18: Crimes and Criminal Procedure; Part I: Crimes; Chapter 47: Fraud and False Statements. Web: <uscode.house.gov/browse/prelim@title18/part1/chapter47&edition=prelim>

[30] Supra note 25 at 10.

[31] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 16.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[32] Id. at 10.

[33] See Robins v. Pruneyard Shopping Ctr., 23 Cal. 3d 899, 905 (1979).

[34] Supra note 31 at 18

[35] Id. at 19.

[36] Id. at 20-21.

[37] See Unfair Competition Law (UCL), Cal. Bus. & Prof. Code §17200 et seq.

[38] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 21.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[39] Id. at 23.

[40] Id. at 24.

[41] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017). COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF. Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA), at ¶7.  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[42] See generally Tristan Greene.  The future of your data could rest in the outcome of LinkedIn vs HiQ case.  Posted August 24, 2017 on thenextweb.com.  Web: <https://thenextweb.com/insider/2017/08/24/hiq-is-the-david-to-linkedins-goliath-in-legal-battle-over-user-data/#.tnw_Q1Tn05Hv>…

[43] Id.

[44] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 21.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[45]  – Reserved –

[46] For a general overview of the Gig e-conomy and its monopoly potential, see e.g. Ekundayo George.  Monopolies and Market Dominance in the “GIG” e-conomy: What Might These Look Like / Are We There Yet?  Published July 16, 2017 on ogalaws.wordpress.com.  Web: <https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/>

Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?

July 16, 2017

INTRODUCTION:

I will not get into legalese, as this is but a conceptual take on the topic.  I came across the following New York Times article,[1] which posed the question “Is It Time to Break Up Google?”  That article had been cited by a more recent one that spoke of the dominant market positions of the so-called FAAAN stocks (described as Facebook, Amazon, Alphabet, Apple and Netflix) or sometimes FAANG stocks (Facebook, Amazon, Apple, Netflix and Google), and the potential need to limit or dismantle them for such reasons as to protect the consumer, or to better protect against the loss or misuse of personal data, or to maintain market integrity, investment and productivity, and dynamism through vigorous multiparty competition.[2]  I will use FAAAN and FAANG interchangeably.

This is the language of competition regulators – avoiding monopolies, carefully watching oligopolies, and protecting the consumer from any entity that would abuse its dominant position in the market to take advantage of them.  There are competing schools in different regulator domains, however, as one side says that competition spurs innovation (European Union stance), whilst the other side appears more comfortable with FAAAN entity market shares than it was with those in telecommunications, oil and gas, and railways (United States stance).[3]  The Standard Oil Company, which maintained a 90% market share for twenty years, is often cited as the posterboy for monopoly power in the United States – but was it really so villainous?[4]  In any case, before we apply a solution, we must first answer 3 essential questions:

1. What, exactly, are these FAAAN entities allegedly dominant in?

• Facebook has a leading position in social media, through its control of Facebook Messenger, WhatsApp, and Instagram (and now sharing control, with Alphabet/Google, of approximately 56% of the U.S. market for mobile advertising).[5]
• Amazon has a leading position in e-commerce, with its ubiquitous shopping portal (now handling approximately 30% of all U.S. e-commerce sales),[6] and in the provision of cloud hosting and data centre services.
• Alphabet/Google has a leading position in online search, online video through its control of Youtube, and in the revenue yield from online advertising (now earning approximately 78% of all U.S. search advertising revenues).[7]
• Apple has a leading position in smartphones wearables, and tablets, through its iPhone (now accounting for approximately 60% of global smartphone sales),[8] iPad, Watch, Mac, and MacBook lines.
• Netflix also has a leading position in “over the top” (OTT) movie, performance, and documentary streaming (now reaching approximately 75% of all U.S. streaming service viewers).[9]

Are these indications of dominance, we ask, or just a solid and perhaps (for now) unassailable lead in markets resoundingly disrupted?

“Movies and television could become like opera and novels, because there are so many other forms of entertainment. Someday, movies and TV shows will be historic relics. But that might not be for another 100 years.”[10]

For example, all of these FAAAN stocks, other than Apple, may be especially dominant in the United States, but with the U.S. share of global e-commerce expected to fall from 20.7% in 2016 to 16.9% in 2020, while China’s share of it rises from 47% to 59.5% in the same period,[11] then given the restrictions on market entry into China,[12] how can any current such “dominance”, persist?

Microsoft is also sometimes mentioned as a market dominator, with its leading positions in operating system software, desktops and mobile, cloud hosting, big data, analytics, and online storage through its data centres; as is Uber, with its stated goal to dominate the ride-hailing space on a global scale.

2. What, precisely, is the market or who, precisely, is the consumer that these FAANG entities are allegedly dominating?

Let us now start to break things down a little further, step by step.

VERTICALS –

I think we can all agree that there are three consumer verticals: government, business, and generic consumers – meaning neither of the preceding two verticals.  From there, however, things can get quite tricky, with this hierarchy of 3 verticals, then 5 sectors, then 30 groups, and finally, their many included elements.  Of course, each regulator or group of regulators assessing these entities, has its own domain, such as the United States (with its long tradition of Antitrust regulation), Canada (with its long experience in near oligopolies for financial services and telecommunications), Russia and China (with growing experience in competition regulation, and where Uber recently partnered with Yandex in Russia,[13] and earlier with Didi Chuxing in China,[14] for ride-hailing, or “on-demand transportation”), and the European Union (where Facebook,[15] Alphabet/Google,[16] Apple,[17] and Microsoft,[18] have all had run-ins with the local Competition regulator).

In the investing community, there are a number of ways to segment the market.  The diversified Standard & Poor’s 500 Index uses 11 market sectors,[19] and the NASDAQ (technology-heavy) index follows the Industry Classifications Benchmark (ICB) system, to create ten market sectors.[20]  There is some overlap between these two, but the Toronto Stock Exchange (energy and financial services- heavy) index has just seven market sectors.[21]  Personally, I have long used a modified schema of about 16 sectors, but I think it is time to change the whole approach because these FAAAN / FAANG entities have disrupted much, will continue to do so, and have spawned a whole series of ecosystems of disruptors that cross sectoral boundaries, serve multiple verticals, and make a mockery of most if not all commonly used methods of market and competition analysis, including clear regulatory categorization, for purposes of finding and assessing the impact of a dominant position.  This is collectively the “gig” -economy of on-demand piecework, tempwork, and peer-to-peer transacting that circumvents big businesses, with “gig” now having a U.S. labor market share now estimated at 34% and projected to rise to 43% by 2020.[22]

Hence, my analytical proposal is this:

SECTORS –

We start with 5 very broad sectors, and then break things down further.  Those five sectors, are: General Goods and Services; Specialized Goods and Services; Digital Tools, Applications and Services; Social Infotainment; and the Gig e-conomy.

GENERAL GOODS AND SERVICES SECTOR:

Here, I have placed the 8 key groups of Government, Manufacturing and Industry, Materials, Oil and Gas, Retail and Wholesale, Security, Transportation, and Utilities.

Government, is further divided across the 5 elements of: regulation; education and tutoring; standard setting; libraries and archives; and dispute resolution and keeping the peace.

Manufacturing and Industry, are further divided across the 5 elements of: aerospace and defence; construction and engineering; transportation and utilities infrastructure; technology, hardware, communications equipment and components and peripherals; and services.

Materials, are further divided across the 5 elements of: paper and forest products; metals and mining; construction materials and components; advanced materials; and CAD-CAM, and GIS and other services.

Oil and Gas, are further divided across the 5 elements of: oil and gas services; drilling and equipment; transportation and storage; refining, trade, plastics and chemicals; and other.

Retail and Wholesale, are further divided across the 5 elements of: leisure; household durable and furniture; household discretionary and personal products; retail (multiline and specialty); and luxury goods, apparel, and textiles.

Security, is further divided across the 5 elements of: national security and defence; societal security and emergency management; physical and industrial safety and security, and emergency management; personal safety and security, and incident response; and virtual security, and incident and event management.

Transportation, is further divided across the 5 elements of: public transportation networks; commercial transportation networks; carriage for hire and ride-hailing; personal and shared mobility properties; and drones and autonomous vehicles.

Utilities, are further divided across the 5 elements of: electric and gas; wind, solar, and water; nuclear; biomass and multi-utility; and other.

SPECIALIZED GOODS AND SERVICES SECTOR:

Here, I have placed the 8 key groups of Conglomerates, Financial Services, Food, Health and Wellness, Information Communications Technologies, Information and Data Techniques, Personal Services,  and Shelter.

Conglomerates, are further divided across the 5 elements/variants of: food, beverage, and consumer products; information communications technologies and information and data techniques; leisure, property, and transportation; technology, industry, and manufacturing; and services.

Financial Services, are further divided across the 5 elements of: consumer, trade, and business banking and finance, and cash and payment provision and processing; mortgages, home equity lines of credit, and real estate investment trusts; financial planning and advising, and portfolio and asset management; trusts and estates; and insurance and reinsurance.

Food, is further divided across the 5 elements of: crops; kept animals and kept animal products; beverages and other consumables; wholesale, retail, and restaurant; and processing, packaging, and distribution.

Health and Wellness, is further divided across the 5 elements of: medical and surgical services; medical and surgical equipment; pharmacology; mental and spiritual health; and fitness and alternatives.

Information Communications Technologies, are further divided across the 5 elements of: publishing, and printed media; cable, over-air, over the top, and satellite television; radio and satellite radio; fiber optics, telephone, and voice over internet protocol; and audio-visual and peripherals.

Information and Data Techniques, are further divided across the 5 elements of: collection and collation; privacy, security, and anonymization; storage and retrieval; transactions and analysis; and disposal.

Personal Services, are further divided across the 5 elements of: professional services; personal assistants, managers, and agents; virtual assistants; crisis, wardrobe, image and media consultants; and household staff.

Shelter, is further divided across the 5 elements of: single family; multi-family; mobile accommodations; hotel, motel, cruise and resort; and plant, office, maintenance and janitorial.

DIGITAL TOOLS, APPLICATIONS, AND SERVICES SECTOR:

Here, I have placed 8 key groups, and without any further division across elements because the developed and developing options are still far too broad to be coherently and comprehensively captured, if ever.  These 8, are:

• Consumer Software, and Productivity applications.
• eBooks, eNews, and other eMedia.
• eCommerce.
• eLearning.
• Employment and Contracting.[23]
• Entity Clouds and data centres for Big Data, storage, hosting, managed solutions, and analytics.
• Online advertising, including by profile, location, nearfield communication, and radiofrequency identification;
• Online search, mapping and geo-tagging or tracking, and navigation.

SOCIAL INFOTAINMENT SECTOR:

Here, I have placed the 2 key groups of Hardware; and Services.

Hardware, is further divided across the 5 elements of: phones; tablets; desktop devices; virtual and augmented reality; and content creation through interactive and autonomous devices with and without artificial intelligence.

Services, are further divided across the 5 elements of: standard and streaming live theatre, motion pictures, and video; standard and streaming live concerts, performance arts, and audio; social and chat, and introductions and networking; gaming, group casts, and similar interactions; and content creation, experiential learning, and immersive transactions.

GIG E-CONOMY SECTOR:

So now, let us use a “gig” e-conomy approach to assess the dominance issue across the preceding market sectors.  I think that you may well find yourself agreeing that there is no dominance at play, and that the competition is still quite healthy across the board.  Here, I have placed those “on demand” goods and services available through rapidly advancing technology that are or may be applicable.  Please note that no single person can possibly name all members of any subgroup and the Apps and Bots of competitors, as they multiply, morph, and merge on both daily and intraday bases; but I will, however, try to give sufficient coverage to convey the depth, breadth, and scope of offerings available.[24]

On-demand General Goods and Services, and their related providers or aggregators would be found here, such as Baidu Baike, The Canadian Encyclopedia, Encyclopedia Britannica, Encyclopedia.com, The Free Dictionary.com, Wikipedia and World Book Online (Government: libraries and archives); 3D printers (Materials: CAD-CAM, and GIS and other services); Alibaba, Amazon, Costco, WalMart, and Yandex (Retail and Wholesale – whole group); AppRiver, Bitdefender, Symantec/Norton, Kaspersky, McAfee, and Webroot SecureAnywhere Antivirus (Security: virtual security); and Uber, Lyft, Ourbus, Didi Chuxing, BlaBlaCar, and Yandex (Transportation: carriage for hire and ride-hailing).

On-demand Specialized Goods and Services, and their related providers or aggregators would be found here, such as Apple, Alphabet and Microsoft (Conglomerates: Information communications technologies – smartphones of iPhone, Pixel and Lumia, along with Watch, Mac, iPad, Surface, OneNote, and the operating systems of iOS, macOS, Linux, Android, Windows, and other solutions based on non-proprietary or open-source code); Amazon and Microsoft (Conglomerates: information and data techniques – cloud services); Consumer, trade, and business banking and finance (Financial Services: portals and standalone Apps of the major banks, worldwide, along with Fintech disruptors like rate.com and Kreditech); Android Pay, Apple Wallet, Bitcoin, Etherium, LG Pay, Microsoft Wallet, Samsung Pay or Samsung Pay Mini, Yandex Money, Alipay, PayPal and Stripe[25] (Financial Services: smartphone-based and web-based cash and payment provision and processing); Fund Razr, Indiegogo, Kickstarter, GoFundMe, AngelList, and CrowdCube (Financial Services: Consumer, trade, and business banking and finance); AlphaStreet, MyLo, Robinhood, and WealthBar (Financial Services: financial planning and advising, and portfolio and asset management); Deliveroo, Grubhub, Just-eat, Postmates, Door-Dash, UberEATS, Amazon, and Instacart (Food: processing, packaging, and distribution); SiriusXM and free AM/FM radio around the world[26] (Information Communications Technologies: radio and satellite radio); Netflix, Spotify, NotJustOk, YouTube, Hulu, Sling, HBO, and Amazon (Information Communications Technologies: cable, over-air, over the top, and satellite television); Google, Alibaba, Yandex, Amazon Web Services, Facebook, Tencent, Microsoft Cloud/Azure (Information and Data Techniques – whole group, as also listed in Conglomerates, above); Monster, LinkedIn, Upwork, TaskRabbit (Personal Services: – whole group); Airbnb, Love Home Swap, Onefinestay (Shelter: hotel, motel, cruise and resort); and Handy, Homejoy, Merry Maids, Molly Maid, Life Maid Easy, and Bee Clean (Shelter: plant, office, maintenance and janitorial).

On-demand Digital Tools, Applications, and Services, and their related providers or aggregators would be found here, such as Apple’s App Store, Google’s Play Store, Adobe, Corel, Microsoft/Windows, Etherium, Intuit and QuickBooks (Consumer software and productivity applications); Amazon Kindle, Voyage, and Oasis, Barnes & Noble Glowlight, Nook, and Touch, and the Kobo and Aura (eBooks); Amazon, Alibaba, Costco, Craigslist, DaWanda, eBay, Etsy, Shopify, WalMart and Yandex (eCommerce); ADrive, Apple iCloud, Box, Dropbox, Google Drive, iDrive, Media Fire, Mozy, Microsoft OneDrive, and PhotoBucket (Entity Clouds – storage); Accenture Cloud Hosting Services, Amazon Web Services, CSC Cloud Computing Services, Canadian Cloud Hosting, Canadian Web Hosting, CenturyLink, Cloud Sigma, Dimension Data Cloud Surround, Distil Networks, Fujitsu Cloud Solutions, Google App Engine/Cloud Platform, Helion Public Cloud, Lunacloud, Microsoft Azure/Cloud, OpenShift, OpenStack Cloud, Rackspace, Softlayer, Verizon Terremark, ViaWest KINECTed Cloud, and VMware (Entity Clouds and Data Centres for Big Data, hosting, managed solutions, and analytics); Google, Facebook, Snap, Twitter and Youtube (online advertising, including by profile, location, nearfield communication, and radiofrequency identification); and Google, Baidu, and Yandex (online search, mapping and geo-tagging or tracking, and navigation).

On-demand Social Infotainment, and their related providers or aggregators would be found here, such as Apple iOS/macOS ecosystems, Blackberry smartphones and data centres, Facebook Oculus Rift, Google Android ecosystem along with Cardboard, Daydream Viewer, and robotics and autonomy, HTC Vive, Huawei smartphones, LG smartphones, Microsoft Windows ecosystem along with HoloLens and Windows Mixed reality, Samsung Gear and robotics and autonomy, Sony Playstation VR and robotics and autonomy, Linux, and other environments and platforms created using open source or non-proprietary code (Hardware – whole group); Netflix, NotJustOk, Spotify, YouTube, Hulu, Sling, HBO, Pokemon, and Amazon (Services – whole group); and Facebook, WhatsApp, Tencent, WeChat, Vodi, Instagram, LinkedIn, Monster, Match.com, Lavalife, eHarmony, and Zoosk (Services – social, chat, and introductions and networking; gaming, group casts, and similar interactions; and content creation, experiential learning and immersive transactions.  You may have noticed that “on-demand Social Infotainment” anticipates content creation by both the hardware makers and the service providers with ever more collaboration, hence the lines become consumers and producers of content have become irrevocably blurred and blended.  Similarly, the gig e-conomy’s “on-demand social infotainment” and “on-demand digital tools, applications, and services” sectors rely upon one another for continuity – the social infotainment needs all that the digital has to offer, and the digital feeds the rising ubiquity of the social infotainment.

3. Considering the above and now fuller picture of the competitive landscape, is any one of these FAAN/FAANG entities really dominant in any meaningful way?

The answer to this, must therefore be a resounding No. There are a number of groups in which a few players have literally occupied the entire field.  However, in no place is there only one entity.  Clearly, then, competition is alive and fierce in all sectors and groups, as laid out in this analytical scheme.

Any Facebook domination alleged for social media fades away with the diversity of competitors and offerings found within the converged gig e-conomy’s “on-demand social infotainment”;

Any Amazon domination alleged for e-commerce and for search, fades away with the diversity of competitors and offerings under the converged gig e-conomy Sector’s “on-demand general goods and services”, and “on-demand specialized goods and services”.

Any Alphabet/Google domination alleged for online search, online video, and online advertising revenue yield, fades away with the diversity of competitors and offerings under the converged gig e-conomy’s “on demand digital tools, applications, and services”.

Similarly, any Apple domination alleged in smartphones, wearables and tablets, fades away with the diversity of manufacturers and operators found in the converged gig e-conomy sector’s “on-demand specialized goods and services”, as conglomerates offering information and communications technologies, and undertaking information and data techniques.

Finally, any Netflix domination alleged for “over-the-top” (OTT) movie, performance, and documentary streaming, fades away with the diversity of entities competing to deliver services within the converged gig e-conomy’s “on-demand social infotainment”.

SUMMARY:

It is only if, and when, well-funded market operators start to occupy whole sectors (in the new schema laid out here), taking out whole swathes of their competitors and content providers[27] in Pacman “gig”-abites to become the sole players in many of the specific groups within those sectors, that we should start to worry about abuse of dominant positions, monopolies, and over-concentration in the control of personal data[28] – incessant data breaches[29] and global ransomware events,[30] notwithstanding.

Perhaps, you agree now?![31]

********************************************************************

Author:

Ekundayo George is a lawyer and sociologist.  He has also taken courses in organizational and micro-organizational behavior, and gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, e-commerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.  He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

[1] Jonathan Taplin.  Is It Time to Break Up Google?  Published on nytimes.com, April 22, 2017.  Web: >https://www.nytimes.com/2017/04/22/opinion/sunday/is-it-time-to-break-up-google.html?_r=2<

[2] David McLaughlin.  Are Facebook and Google the New Monopolies?: QuickTake Q&A.  Published on Bloomberg.com, July 12, 2017. Web: >https://www.bloomberg.com/news/articles/2017-07-13/antitrust-built-for-rockefeller-baffled-by-bezos-quicktake-q-a<  See also Ayanna Alexander.  Mobile App Location Sharing Brings Awesome Opportunities, Privacy Fears.  Published on bna.com, July 11, 2017.  Web: >https://www.bna.com/mobile-app-location-b73014461529/<

[3] Ramsi Woodcock.  EU’s Antitrust ‘War’ on Google and Facebook Uses Abandoned American Playbook.  Published on observer.com, July 14, 2017.  >http://observer.com/2017/07/eus-antitrust-war-google-facebook-uses-american-playbook-margrethe-vestager-european-union/<

[4] Alex Epstein.  Vindicating Standard Oil, 100 years later.  Published on dailycaller.com, May 13, 2011.  Web: >http://dailycaller.com/2011/05/13/vindicating-standard-oil-100-years-later/2/<

[5] David McLaughlin.  Are Facebook and Google the New Monopolies?: QuickTake Q&A.  Published on Bloomberg.com, July 12, 2017. Web: >https://www.bloomberg.com/news/articles/2017-07-13/antitrust-built-for-rockefeller-baffled-by-bezos-quicktake-q-a<

[6] Ibid.

[7] Ibid.

[8] Ibid.

[9] Sarah Perez.  Netflix reaches 75% of US streaming service viewers, but YouTube is catching up.  Published on techcrunch.com, April 10, 2017.  Web: >https://techcrunch.com/2017/04/10/netflix-reaches-75-of-u-s-streaming-service-viewers-but-youtube-is-catching-up/<

[10] Joe Nocera.  Can Netflix Survive in the New World It Created?  Published on nytimes.com, June 15, 2016.  Web: >https://www.nytimes.com/2016/06/19/magazine/can-netflix-survive-in-the-new-world-it-created.html<

Quoting Reed Hastings – Chairman of the Board, President, Chief Executive Officer, Netflix.

[11] Patrick Seitz.  Move Over FANGs, China’s BAT Stocks Go From Copycats To Fat Cats.  Published on investors.com, July 14, 2017.  Web: >http://www.investors.com/research/industry-snapshot/move-over-fangs-chinas-bat-stocks-go-from-copycats-to-fat-cats/?src=A00220&yptr=yahoo<

[12] Id.  See also infra, note 14.

[13] Eric Auchard and Anastasia Teterevleva.  Uber and Yandex to combine ride-hailing in Russia and beyond.  Published on reuters.com, July 13, 2017.  Web: >http://www.reuters.com/article/us-uber-tech-m-a-yandex-idUSKBN19Y10V<  The new entity will operate regionally, in Russia, Armenia, Azerbaijan, Belarus, Georgia and Kazakhstan.

[14] Scott Cendrowski.  Uber Had No Way Out of China Except Through a Merger With Didi.  Published on fortune.com, July 31, 2016.  Web: >http://fortune.com/2016/08/01/uber-didi-merger/<

[15] Jason Aycock.  Facebook eases into crosshairs of EU antitrust watchdogs.  Published on seekingalpha.com, July 3, 2017.  Web: >https://seekingalpha.com/news/3276761-facebook-eases-crosshairs-eu-antitrust-watchdogs<

[16] Peter Sayer.  EU Competition Commissioner spells out priorities: Google as Alphabet is still under investigation.  Published on pcworld.com, October 26, 2015.  Web: >http://www.pcworld.com/article/2997529/android/eu-competition-commissioner-spells-out-priorities-google-as-alphabet-is-still-under-investigation.html<

[17] Sean Farrell and Henry McDonald.  Apple ordered to pay €13bn after EU rules Ireland broke state aid laws.  Published on theguardian.com, August 30, 2016.  Web: >https://www.theguardian.com/business/2016/aug/30/apple-pay-back-taxes-eu-ruling-ireland-state-aid<

[18] Charles Arthur.  Microsoft loses EU antitrust fine appeal.  Published on theguardian.com, June 27, 2012.  Web: >https://www.theguardian.com/technology/2012/jun/27/microsoft-loses-eu-antitrust-fine-appeal<

[19] These 11 S&P 500 market sectors are: Energy, Materials, Industrials, Consumer Discretionary, Consumer Staples, Health care, Financials, Real Estate, Information Technology, Telecommunications Services, and Utilities.

See S&P 500 Factsheet – Sector Breakdown.  Published on ca.spindices.com and visited on July 13, 2017.  Web: >http://ca.spindices.com/indices/equity/sp-500<

[20] These 10 NASDAQ market sectors are: Oil and Gas, Basic materials, Industrials, Consumer Services, Consumer Goods, Healthcare/Financials, Technology, Telecommunications, and Utilities.  See NASDAQ Composite Index – COMP Fact Sheet – Industry Breakdown.  Published on nasdaqomx.com and visited July 13, 2017.  Web: >https://indexes.nasdaqomx.com/Index/Overview/COMP<

[21] These 7 TSE market sectors are: Clean Technology, Diversified Industries, Energy and Energy Services, Life Sciences, Mining, Real Estate, and Technology.  See The Toronto Stock Exchange, Sector and Product Profiles.  Published on tsx.com and visited July 13, 2017.  Web: >http://tsx.com/listings/listing-with-us/sector-and-product-profiles<

[22] Patrick Gillespie.  Intuit: Gig economy is 34% of US workforce.  Published on money.cnn.com, May 24, 2017.  Web: >http://money.cnn.com/2017/05/24/news/economy/gig-economy-intuit/index.html<

[23] Including this as a standalone group has become a necessity, thanks to the enabling rise of the “gig” e-conomy.  See e.g. Nick Wells. The ‘gig economy’ is growing — and now we know by how much.  Published on cnbc.com, October 13, 2016.  Web: >http://www.cnbc.com/2016/10/13/gig-economy-is-growing-heres-how-much.html<

[24] All names and marks mentioned herein are and remain the property of their respective owners, and no good or service or provider of same that is mentioned or omitted or referenced whether in whole or in part within this article or within its attached notes is either endorsed or disdained.

[25] Memberful.  Stripe vs PayPal: Who should you choose?  Published on memberful.com and visited on July 15, 2017.  Web: >https://memberful.com/blog/stripe-vs-paypal/<

[26] John-Erik Koslosky.  Sirius XM’s Strongest Competition May Surprise You.  Published on fool.com, September 12, 2015.  Web: >https://www.fool.com/investing/general/2015/09/12/sirius-xms-strongest-competition-may-surprise-you.aspx<

[27] Nick Wingfield and Michael J. de la Merced.  Amazon to Buy Whole Foods for $13.4 Billion.  Published on nytimes.com, June 16, 2017.  Web: >https://www.nytimes.com/2017/06/16/business/dealbook/amazon-whole-foods.html<

[28] Business Leader.  Google dominates search. But the real problem is its monopoly on data.  Published on theguardian.com, April 19, 2015.  Web: >https://www.theguardian.com/technology/2015/apr/19/google-dominates-search-real-problem-monopoly-data<  See also Ben Thompson.  Facebook and the Cost of Monopoly.  Published on stratechery.com, April 19, 2017.  Web: >https://stratechery.com/2017/facebook-and-the-cost-of-monopoly/<

[29] Dave Burton.  Minimize “Dwell Time” to Cut the Cost of Data Center Breaches.  Published on infosecisland.com, October 20, 2016.  Web: >http://www.infosecisland.com/blogview/24835-Minimize-Dwell-Time-to-Cut-the-Cost-of-Data-Center-Breaches.html<  See also Jessica Davis.  Former Bupa employee posts 1 million records for sale on dark web.  Published on healthcareitnews.com, July 14, 2017.  Web: >http://www.healthcareitnews.com/news/former-bupa-employee-posts-1-million-records-sale-dark-web<   See Generally Ekundayo George.  Cybersecurity: Its not just about “B” for Bob, but also eCommerce, Structure, and Trust.  Published on ogalaws.wordpress.com, November 3, 2014  Web: >https://ogalaws.wordpress.com/2014/11/03/cybersecurity-its-not-just-about-b-for-bob-but-also-ecommerce-structure-and-trust/<

[30] Jesse McKenna.  WannaCry: How We Created an Ideal Environment for Malware to Thrive, and How to Fix It.  Published on infosecisland.com, July 12, 2017.  Web: >http://www.infosecisland.com/blogview/24941-WannaCry-How-We-Created-an-Ideal-Environment-for-Malware-to-Thrive-and-How-to-Fix-It.html<

[31] Ekundayo George.  Monopolies and Market Dominance in the “Gig” eConomy?  We are Getting There!  Posted February 19, 2018 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2018/02/19/monopolies-and-market-dominance-in-the-gig-economy-we-are-getting-there/<

The Long Shadow of Maximillian Schrems v. Data Protection Commissioner [2015] – What Next for EU Safe Harbour Compliance on Data Transfers to the United States?

November 9, 2015

INTRODUCTION:

On October 6, 2015,[1] the Court of Justice of the European Union (ECJ) declared invalid a decision of the European Commission on July 26, 2000[2] that had, pursuant to the relevant EU data protection law,[3] granted and acknowledged safe harbour for certain United States entities when transferring the personal data of European Union citizens to, and processing and storing that data within the United States. The case had been referred to the ECJ for a preliminary ruling from the High Court of Ireland, with a subsequent non-binding Opinion from the ECJ Advocate General, Yves Bot,[4] that the ECJ eventually followed.

CASE HISTORY:

The case began when Maximilian Schrems, an Austrian Citizen (and law student at that time), spearheaded a group to file a complaint with the Irish Data Protection Commissioner (DPC)[5] against Facebook Ireland Ltd, which is the company’s European headquarters. When Billy Hawkes, the Irish DPC rejected the case,[6] Schrems and his group sought and were granted judicial review at the High Court of Ireland.[7] Citing pre-emption on the key issues by European law, Mr. Justice Hogan adjourned the case pending referral to the European Court of Justice (ECJ).[8] Those key issues were: (a) whether the Edward Snowden revelations of 2013[9] revealed such a wholesale (both actual and potential) lack of compliance with European law that the U.S. Safe Harbour provisions with regard to transferring the personal information of European Citizens were essentially invalid; and (b) whether EU member states were bound by controlling EU privacy laws regarding those safe harbours, or free to pursue their own investigations into allegations of privacy breach or other non-compliance as and when needed, and were then subsequently able to suspend data transfers if they violated EU laws and/or EU citizen rights. Advocate General Bot had opined in the affirmative on both of these points,[10] and the ECJ agreed.

IMPLICATIONS:

Being effective immediately and with no grace period (or period of suspended invalidity as would likely have been applicable in Canada,[11] were the matter heard under Canadian jurisdiction),[12] the ruling immediately put the businesses and business practices of thousands of entities in legal jeopardy for their reliance on an invalid law. Fortunately for all, the European Union’s 28 national data protection authorities, acting through their Article 29 Working Party, issued an October 16, 2015 statement[13] encouraging those entities impacted by the ruling to negotiate, establish, and implement their own interim measures to ensure compliance with the ruling, including, in a later Q&A compliance release of November 6, 2015, that they “consider putting in place any legal and technical solutions to mitigate any possible risks they face when transferring data”;[14] assuring European businesses and citizens that privacy and data protection remained key elements of European law, and that they would issue further guidance at a national level, but at a later date; and implying quite strongly, that coordinated enforcement actions might issue if an appropriate successor framework could not be negotiated with the United States by the end of January, 2016.[15] That specific “deadline” language, read:

“If by the end of January 2016, no appropriate solution is found with the US authorities and depending on the assessment of the transfer tools by the Working Party, EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions.”[16]

Essentially, then, the Commissioners agreed to implement a suspended enforcement as they could not retroactively seek or secure any period of suspended invalidity from the ECJ, and nobody had asked for one to be considered on the possibility of such a decision resulting. It would have been interesting to read the ECJ views on Canadian and other such precedent …. Perhaps we’ll read that some other time!

For now, we watch as companies scramble to “not” comply with this newly invalid law;[17] we wait for both that national European guidance (whether or not uniform or coordinated);[18] and we follow – to the extent made public – negotiations between the United States and Europe up to January 31, 2016. There may already be light at the end of that negotiation tunnel, as two identical bills – H.R.1428[19] in the House of Representatives (now passed by the full House), and S.1600 in the United States Senate[20] may eventually grant the United States District Court for the District of Columbia (USDC, DC) exclusive jurisdiction to hear foreign citizens’ privacy breach complaints against federal (not state) government actors of the United States. But, only the President can sign any final version of either Bill, into law.

In addition, the matter – now transferred back to the Irish High Court for further deliberations, may still result in a finding that Facebook cannot provide adequate data privacy protections for European citizens. If again referred or appealed to the ECJ, and upheld, Facebook’s European operations might cease under subsequent enforcement actions in one or many European jurisdictions on such a ruling.

And so, one way or the other, we wait![21]

*****************************************************************

Author:

Ekundayo George is a lawyer and sociologist. He has also taken courses in organizational and micro-organizational behavior, and gained significant experiences in regulatory compliance, litigation, and business law and counseling. He is licensed to practice law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America. See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practicing law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams. Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – also sometimes termed Information Communications Technologies (ICT). See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein. Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

[1] Schrems (Judgment) [2015] EUECJ C-362/14 (06 October 2015), [2015] EUECJ C-362/14, [2015] WLR(D) 403, EU:C:2015:650, ECLI:EU:C:2015:650. Online: http://www.bailii.org/eu/cases/EUECJ/2015/C36214.html

[2] Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (OJ 2000 L 215, p. 7)

[3] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ 1995 L 281, p. 31).

[4] Case C-362/14 Maximillian Schrems v. Data Protection Commissioner [2015] EUECJ C-362/14, Opinion of AG Bot (23 September 2015). Online: http://www.uni-muenster.de/Jura.itm/hoeren/itm/wp-content/uploads/C0362_2014-EN-Opinion.pdf

[5] RTE News. Data Protection Commissioner says no action will be taken against Apple and Facebook. Published on rte.ie, July 26, 2013. Online: http://www.rte.ie/news/2013/0726/464770-data-protection/

[6] Id.

[7] Schrems v. Data Protection Commissioner [2014] IEHC 310 (18 June 2014). Online:http://www.bailii.org/ie/cases/IEHC/2014/H310.html

[8] Ruadhán Mac Cormaic. High Court refers Facebook privacy case to Europe. Published on irishtimes.com, June 19, 2014. Online: http://www.irishtimes.com/business/technology/high-court-refers-facebook-privacy-case-to-europe-1.1836657

[9] Barton Gellman. Edward Snowden, after months of NSA revelations, says his mission’s accomplished. Published on washingtonpost.com, December 23, 2013. Online: >http://www.washingtonpost.com/world/national-security/edward-snowden-after-months-of-nsa-revelations-says-his-missions-accomplished/2013/12/23/49fc36de-6c1c-11e3-a523-fe73f0ff6b8d_story.html

[10] Supra note 4.

[11] Schachter v. Canada, [1992] 2 S.C.R. 679 at 715-16, 1992 CanLII 74 (SCC) per Lamer, CJ. Online: http://scc-csc.lexum.com/scc-csc/scc-csc/en/item/903/index.do

A court may strike down legislation or a legislative provision but suspend the effect of that declaration until Parliament or the provincial legislature has had an opportunity to fill the void. This approach is clearly appropriate where the striking down of a provision poses a potential danger to the public (…) or otherwise threatens the rule of law (…). It may also be appropriate in cases of underinclusiveness as opposed to overbreadth. For example, in this case some of the interveners argued that in cases where a denial of equal benefit of the law is alleged, the legislation in question is not usually problematic in and of itself. It is its underinclusiveness that is problematic so striking down the law immediately would deprive deserving persons of benefits without providing them to the applicant. At the same time, if there is no obligation on the government to provide the benefits in the first place, it may be inappropriate to go ahead and extend them. The logical remedy is to strike down but suspend the declaration of invalidity to allow the government to determine whether to cancel or extend the benefits. (Citations omitted).

[12] As I wrote in an earlier blog post, Canadians are very much aware of the challenges of international data governance and transnational privacy protection. See e.g. Ekundayo George. In who’se pocket is your data packet? – International Data Governance. Published on ogalaws.wordpress.com, February 6, 2013. Online:

https://ogalaws.wordpress.com/2013/02/06/in-whose-pocket-is-your-data-packet-international-data-governance/

[13] Article 29 Working Party (Art. 29 WP). Statement on the implementation of the judgement of the Court of Justice of the European Union of 6 October 2015 in the Maximilian Schrems v Data Protection Commissioner case (C-362-14). Brussels, October 16, 2015. Online: http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2015/20151016_wp29_statement_on_schrems_judgement.pdf

[14] European Commission – Fact Sheet. Q&A: Guidance on transatlantic data transfers following the Schrems ruling.

MEMO/15/6014. Brussels, November 6, 2015. Online: http://europa.eu/rapid/press-release_MEMO-15-6014_en.htm

[15] Supra, note 13.

[16] Id.

[17] See e.g. supra, note 14.

[18] Technology executives and politicians alike have even warned that if these concerns over, and an increasingly vocal resistance to, targeted and/or bulk collection of personal data through government surveillance continue to “trend”, we may very soon see a real splintering of the internet into several disparate and walled-off variants. See e.g. Stephen Lawson, IDG News Service. Jitters over US surveillance could break the Internet, tech leaders warn. Published on itworld.com, October 8, 2014. Online: http://www.itworld.com/article/2825590/security/jitters-over-us-surveillance-could-break-the-internet–tech-leaders-warn.html

[19] First introduced in the United States House of Representatives (the “House”) on March 18, 2015 by Representative F. James Sensenbrenner, a Wisconsin Republican, the HR.1428 Bill is officially known as The Judicial Redress Act of 2015, and has a stated purpose “[t]o extend Privacy Act remedies to citizens of certified states, and for other purposes”. Online: https://www.congress.gov/bill/114th-congress/house-bill/1428/all-info

[20] First introduced in the United States Senate (the “Senate”) on June 17, 2015 by Senator Christopher S. Murphy, a Connecticut Democrat, the S.1600 Bill has now been referred (as H.R.1428) to the Senate Judiciary Committee, but it is yet to be considered and voted upon by the full Senate. Online: https://www.congress.gov/bill/114th-congress/senate-bill/1600/all-info

[21] *Reserved (pending further news).

Top 5 Technology Trends for Business and Consumers – Predictions for 2015-16.

February 6, 2015

Looking back to 2013, I had predicted the 5 top technology trends (specifically for consumers) in that year, to be:

(i) Accelerated lived experience;

(ii) Bring Your Own Device (BYOD);

(iii) Crowdsourcing;

(iv) Distance education; and

(v) End-User legal authority/license autonomy/leveraged ability (EULA3). [1]

These pretty much held true, and even lasted both into and through 2014. The pace of instantaneous news, social tweets and alerts, and all manner of reality TV from financing pitches, through entire shows that are literally “celebrity selfie-cams”, to instantaneous gratification through crowd sourcing of funding, business and consumer information, and general gossip, have created this ever accelerating lived experience. Ever greater sales of handheld devices have forced employers to draft BYOD policies for employees too attached to their own devices to let them go, and all manner of distance education is now available for a fee, or for free in the ever-expanding offerings of Massive Open Online Course (MOOC).[2] As well, immersive gaming, as it develops with optional story lines, the move to taking software bits as building blocks for people to create their own widgets and full applications, and the myriad of customizable self-help, professional, and practical document templates available online, taken together, will only further speed EULA3.[3]

Fully justified then (and thankfully so) in my predictions, let us now move on to 2015-16, then. Here, in the midst of technology and its relentless forward motion, all I see – is “Paper”! This stands for:

Personalization;

A3 (aggregation, analytics, and advising);

Protection;

eMoney; and

Remoting. We will consider them in turn, and in that order.

Personalization:

Whether it is widgets, backgrounds, wallpapers, icons, ringtones, and home screen layouts of the ipod, android, iphone, desktop, laptop, or tablet,[4] personalization and customization are all the rage for maximizing the user-centric experience.

“The constantly connected consumers of today are extremely savvy, using all available channels and devices to research, review, compare prices and ultimately purchase products. Basic personalization (such as name and account personalization and dynamic interest or product content) no longer serves consumers’ demand for deeper levels of real-time personalized information. Increasingly, these savvy consumers are taking their business to companies that provide more than basic personalization and automated lifecycle campaigns. Customers now prefer brands that deliver individualized experiences that match their needs in the present moment”.[5]

Even giants of the online world, such as Yahoo,[6] have now realized that the way to truly reach and engage your customer, it to intimately know your customer for and through, “Real-time Marketing”[7] and personalization practices. Personalization is based on gathering and analyzing observation data, to analyze and make predictions based upon what you know. This is why A3, which underlies real-time marketing, will also be a top trend for 2015-16, in my prediction.

A3 (Aggregation, Analytics, and Advising):

The SAS Institute, Inc., put out a 2013 white paper on demand sensing and shaping through big data analytics,[8] which perfectly sums-up the first stage of the real-time marketing process. In the second stage, I would add demand supporting and serving, which sustains that demand in existence by providing those cues to trigger it (familiarity, emotional advertising triggers, positive associations in product placement, and so forth), and thence return customers to your established, satisfaction-source.

Big Data (and its means of collection)[9] do have other applications beyond the pure consumer, however. These include generic disaster management applications,[10] and estimating or better “guess”-timating the true incremental and future impacts of climate change on humans and the environment.[11]

Protection:

With all of this data and its very many faces,[12] along with the potential to gather and analyze it, and the undisputed value of the end result in the predictive analytics space, there is a growing need at all levels, for more robust protective mechanisms – wherever it falls on the spectrum of privacy practices,[13] data governance and document preservation, or cybersecurity. IT in general, is looking forward to a banner year in 2015.[14] The IT security sub-sector, for its part, is not too far off, either, with a spate of increasingly spectacular, recent[15] and historical[16] hacks and cyberattacks drawing the attention of the risk management industry,[17] regulators,[18] private businesses,[19] and concerned citizens in an ongoing and multi-sided tussle,[20] both amongst themselves and with criminal elements. A very large data breach was just disclosed at Anthem Inc. (a health insurer with operations across 14 states), in which up to 80 million records of Personally Identifiable Information (PII) – but apparently no Personal Health Information (PHI), according to initial evaluations – are suspected to have been compromised.[21]

eMoney:

Despite the dangers and concerns, however, the pace of progress continues to pick-up, with electronic payments of the Paypal variety moving to Square and eMoney, in the largely unregulated (and hacked)[22] Bitcoin, and the more mainstream proposed and competing offerings of CurrentC from the Merchant Customer Exchange (MCX) – which was also hacked,[23] and Google Wallet, Softcard, and Apple Pay.

Remoting:

With ever-more personalized experiences being available through more and more interconnected devices, we are moving towards an Internet of Things (IoT) that raises even more cybersecurity concerns that now include remote access and remote control/takeover,[24] whether or not authorized or even traceable back to source.[25] This has led one commentator to describe this future state as the “Internet of Bad Things”.[26] Going further to consider the impetus for a change in our security mindset, consider the words of Dr. Arati Prabhakar, the director of the United States Defence Advanced Research Projects Agency (DARPA), when she said:

“The largest explosion of millisecond machine actions will take place when billions of IoT devices are deployed. Until we find a way to authenticate, view, audit, analyze and block IoT devices often connected to cloud computing, we frankly shouldn’t be putting IoT out there. As the security industry saying goes, “money trumps security,” and as increasingly more of these IoT product (sic) are released, cybersecurity will just be playing catch-up. With potentially billions of these devices being deployed all over the world, this could lead to a cyber attack free-for-all of catastrophic proportions.”[27]

However, remoting is not all doom and gloom. Witness the growing use of crowdfunding to raise money for important events, popular initiatives, or proposed or emerging or growing business ventures; and even the burgeoning business of “pay to watch” that has now gone from the original voyeur cams, through specialized YouTube channels where you can pay to watch people play video games,[28] or modern day South Korea, where people will pay to remotely watch someone – a “broadcast jockey” – do something as mundane as eating.[29] Drones, scene capture devices, and wearable devices in ever-lighter cameras (from glass and its successors, through GoPro, police cam, dash cam, spy cam, home surveillance, commercial and industrial surveillance, government surveillance, and mobile devices in any and all form factors now known or yet to come, and from the clunky to the micro- or nano-scale), will combine[30] to bring more, and ever uniquer, shareable, monetizable remoting experiences to come![31]

CONCLUSION

These then, are my PAPER predictions for technology in 2015-16 – Personalization, A3 (aggregation, analytics, and advising), Protections, eMoney, and Remoting. I think they will come to fruition, just as predicted, but we have to wait and see. Enjoy the view!

*****************************************************************

Author:

Ekundayo George is a lawyer and sociologist. He has also taken courses in organizational and micro-organizational behavior, and gained significant experiences in business law and counseling, diverse litigation, and regulatory compliance practice. He is licensed to practice law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America. See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practicing law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams. Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – also sometimes termed Information Communications Technologies (ICT). See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein. Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

[1] Ekundayo George. Ctrl-Shift-Del: 2013’s Top 5 Technology Trends for Consumers. Posted March 16, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/03/16/ctrl-shift-del-2013s-top-5-technology-trends-for-consumers/<

[2] Wikipedia.org. Massive Open Online Course (MOOC), a definition. Online: >http://en.wikipedia.org/wiki/Massive_open_online_course<

[3] Supra note 1.

[4] See e.g. selected Android personalization offerings, on display for download at the google store. Online:

>https://play.google.com/store/apps/category/PERSONALIZATION<

[5] Katrina Conn. Moving Beyond Basic Personalization to Real-Time Marketing. Posted January 7, 2014, on Clickz.com. Online: >http://www.clickz.com/clickz/column/2321243/moving-beyond-basic-personalization-to-real-time-marketing<

[6] Yahoo. The Balancing Act: Getting Personalization Right. Posted on yahoo.com. Online: >https://advertising.yahoo.com/Insights/BALANCING-ACT.html<

[7] Supra note 5. “Real-time marketing is the ongoing cycle of engagement, data management, analytical insights and optimization – performed continuously and immediately. In other words, it’s the streamlined management of data, transformed into actionable insight that is used to enhance your customer’s experience.”

[8] The SAS Institute. White Paper: Unlocking the Promise of Demand Sensing and Shaping Through Big Data Analytics – How to Apply High-Performance Analytics in Your Supply Chain. Published on idgenterprise.com, and visited February 2, 2015. Online: >http://resources.idgenterprise.com/original/AST-0112051_UnlockingPromise.pdf<

[9] Dennis Keohane. Aaron Levie, Box see drones and Internet of Things as data sources of the future. Posted September 23, 2014, on betaboston.com. Online: >http://betaboston.com/news/2014/09/23/aaron-levie-box-data-drones-internet-of-things/<

[10] See e.g. Robert A. Runge and Isabel Runge. Data-Driven Disaster Management. Posted October 29, 2014, on nextgov.com. Online: >http://www.nextgov.com/technology-news/tech-insider/2014/10/data-driven-disaster-management/97700/?oref=voicesmodule<

[11] See e.g. Chelsea Harvey. UN REPORT: Our Climate Change Future Is Terrifying And Emissions Need To Stop Completely As Soon As Possible. Posted November 4, 2014, on businessinsider.com. Online: >

http://www.businessinsider.com/un-climate-report-stop-all-greenhouse-emissions-2014-11

< ; See also Carl Zimmer. Ocean Life Faces Mass Extinction, Broad Study Says. Posted January 15, 2015, on nytimes.com. Online: >http://www.nytimes.com/2015/01/16/science/earth/study-raises-alarm-for-health-of-ocean-life.html?_r=0<

[12] Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors). Posted November 1, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[13] Amber Hunt, The Cincinnati Enquirer. Experts: Wearable tech tests our privacy limits. Posted February 5, 2015, on usatoday.com. Online: >http://www.usatoday.com/story/tech/2015/02/05/tech-wearables-privacy/22955707/< In one of my earlier blogs (if updated), the “User-Generated Legality Issues” (UGLIs) created by these treasure troves of “quantified self” data available through wearable devices, would be “self-outing 104”.

See e.g. Ekundayo George. The Video Privacy Protection Act (VPPA) Amendment of 2012 – Self-Outing 103? Posted January 11, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/01/11/the-video-privacy-protection-act-vppa-amendment-of-2013-self-outing-103/<

[14] Steve Ranger. Bigger budgets, better tech: Why 2015 is a good year to be working in IT. Posted February 4, 2015, on techrepublic.com. Online: >http://www.techrepublic.com/blog/european-technology/bigger-budgets-better-tech-why-2015-is-a-good-year-to-be-working-in-it/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531<

[15] Pedro Hernandez. Xbox Live, PSN Back Online After Holiday DDoS Attacks. Posted December 29, 2014, on eweek.com. Online: >http://www.eweek.com/security/xbox-live-psn-back-online-after-holiday-ddos-attacks.html< See also the comprehensive hacking and public shaming of Sony, through compromised emails.

[16] I referenced several of the more historical, spectacular hacks in this earlier blog post. Ekundayo George. Cybersecurity: Its not just about “B” for Bob, but also eCommerce, Structure, and Trust. Posted November 3, 2014, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2014/11/03/cybersecurity-its-not-just-about-b-for-bob-but-also-ecommerce-structure-and-trust/<

[17] Pinsent Masons (out-law.com), citing the Institute of Chartered Accountants in England and Wales (ICAEW).

Cyber risks evolving faster than business capabilities, says accountancy body. Posted October 30, 2014, on out-law.com. Online: >http://www.out-law.com/en/articles/2014/october/cyber-risks-evolving-faster-than-business-capabilities-says-accountancy-body/<

[18] Aliya Sternstein. Report: Agencies Aren’t Properly Vetting All Cyber Contractors. Published September 9, 2014, on nextgov.com. Online: >http://www.nextgov.com/cybersecurity/2014/09/agencies-contractor-employees-cyber-workforce/93620/<

[19] Aliya Sternstein. 97 Percent of Key Industries Doubt Security Compliance Can Defy Hackers. Posted July 10, 2014, on nextgov.com. Online: >http://www.nextgov.com/cybersecurity/2014/07/97-percent-key-industries-doubt-security-compliance-can-defy-hackers/88324/?oref=ng-relatedstories<

[20] See e.g. In the Matter of a Warrant to Search a Certain email Account Controlled and Maintained by Microsoft Corporation. Memorandum and Order of James C. Francis IV, United States Magistrate Judge, released April 25, 2014. 13 Mag. 3814, United States District Court for the Southern District of New York (SDNY). Online: >https://s3.amazonaws.com/s3.documentcloud.org/documents/1149373/in-re-matter-of-warrant.pdf<

Just reading through this decision, which from the first paragraph defines the complexity of this issue, shows the many interests, laws and policies, and considerations at stake in that constant tussle between individual rights and privacy, business interests (including the personalization push), and the mandates of law enforcement and national security – whether nationally and across borders, or when multiple nations do or claim to have a primary stake.

The further steps since taken in that ongoing effort by the United States government to access emails stored on servers that are physically located in Ireland, only further underline the complexities and interests at stake. See also Mark Scott. Ireland Lends Support to Microsoft in Email Privacy Case. Posted December 25, 2014, on bits.blogs.nytimes.com. Online:>http://bits.blogs.nytimes.com/2014/12/24/ireland-lends-support-to-microsoft-in-email-privacy-case/?_r=0&module=ArrowsNav&contentCollection=Technology&action=keypress&region=FixedLeft&pgtype=Blogs<

[21] Elizabeth Weise, USA Today. Massive breach at health care company Anthem Inc. Posted February 5, 2015, on usatoday.com. Online: >http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/<

[22] Zack Whittaker for Zero Day. Bitstamp exchange hacked, $5M worth of bitcoin stolen. Posted January 5, 2015, on zdnet.com. Online: >http://www.zdnet.com/article/bitstamp-bitcoin-exchange-suspended-amid-hack-concerns-heres-what-we-know/<

[23] Ryan Mac, Forbes Staff. Apple Pay Rival and Walmart-backed MCX Hacked, User Emails Snatched. Posted October 29, 2014, on forbes.com. Online: >http://www.forbes.com/sites/ryanmac/2014/10/29/apple-pay-rival-and-walmart-backed-mcx-hacked-user-emails-compromised/<

[24] Katie Fehrenbacher. The real breakthrough of Google Glass: controlling the internet of things. Posted March 23, 2013, on gigacom.com. Online: >https://gigaom.com/2013/03/23/the-real-breakthrough-of-google-glass-controlling-the-internet-of-things/<

[25] Larry Karisny. Getting Cybersecurity to Actually Work: More Connections, More Problems. Posted September 15, 2014, on digitalcommunities.com. >http://www.digitalcommunities.com/articles/Getting-Cybersecurity-to-Actually-Work.html<

“Before we discuss solutions to these cybersecurity problems, let’s take a look at what the future looks like in our continually interconnected world. From social media to smart phones apps to the IoT promise of smart everything, we are reaching a point of truly not knowing what is connect to what — and hackers know this. Take the Target breach — the attacker used backdoor access to the company’s energy management systems to then access a server containing confidential customer information. We are increasing (sic) digitizing our people and machine processes, and are beginning to lose control of what we are doing.”  

[26] Zach Ferres. The Internet of (Bad) Things. Posted November 5, 2014, on linkedin.com. Online: >https://www.linkedin.com/pulse/article/20141105140616-28760747-the-internet-of-bad-things<

[27] Larry Karisny. DARPA Director Calls for Cybersecurity Change. Posted November 7, 2014, on digitalcommunities.com. Online: >http://www.digitalcommunities.com/articles/DARPA-Director-Calls-for-Cybersecurity-Change.html<

[28] By Josh Warwick, video by Phil Allen. Meet the 21-year-old YouTuber who made millions playing video games. Posted October 16, 2014, on telegraph.co.uk. Online: >http://www.telegraph.co.uk/men/the-filter/11139724/Meet-the-21-year-old-YouTuber-who-made-millions-playing-video-games.html<

[29] Stephen Evans. The Koreans who televise themselves eating dinner. Posted February 4, 2015, on BBC.com. Online: >http://www.bbc.com/news/magazine-31130947<

[30] Luisa Rollenhagen. Guy Hacks Google Glass to Steer Drone. Posted August 23, 2013 on mashable.com. Online:

>http://mashable.com/2013/08/24/drone-pilots-google-glass/<

[31] See e.g. Erin Carson. 2015: 4 IT job skills for the new year. Posted January 8, 2015, on techrepublic.com. Online: >http://www.techrepublic.com/article/2015-4-it-job-skills-for-the-new-year/<

Canvassing conventional and learned wisdom, I would humbly say that at least one of my predictions (protections) is echoed and supported in the focus here on “security skills” in this piece by HR and IT professionals. Three of my other predictions (Remoting, A3, and Personalization) are at least strongly implicated, in the call for “versatility” and skills in “project management”. “Desktop support” is the fourth 2015 IT job skill set listed by Techrepublic.

Cybersecurity: Its not just about “B” for Bob, but also eCommerce, Structure, and Trust.

November 3, 2014

PREFACE:

Just the other day, when I was looking over a post on the 5 largest cyberbreaches of 2014 (to date),[1] my mind went back to the Case of Bob,[2] a malfeasing cyber breach insider, on whom I blogged in an earlier post.  The top 5 list sequenced a total of 309 million records.[3]  That is, I believe, enough to cover stealing one record each, from every Citizen of Canada (34 million), Italy (61 million), France (63 million), the United Kingdom (64 million), and Germany (82 million); at a total of 304 million records, according to their respective population counts in 2013.[4]  Looking only domestically, in the United States, this 309 million could account for the loss of a single record (e.g. social security number) for all but 6 million U.S. Citizens in a 315 million population count at 2013.[5]  That’s a whole lot of broken (out/into) records![6]

Clearly, this is a big and growing problem.  And so, I decided to look a little more closely at that list, focus-in on the non-American example of South Korea,[7] and lay-down a better understanding of why the cyber realm remains so hard to secure – not just from last year’s big breaches at Target,[8] Adobe,[9] and LivingSocial,[10] but persistently and consistently for even those most tech-savvy of U.S. businesses and veterans of the eCommerce and eBanking verticals, including Google/Gmail,[11] Home Depot,[12] JPMorgan Chase & Co,[13] and eBay;[14] along with assorted state and federal government entities.[15]

I will look at the problem from four angles: “B” for Bob, “E” for eCommerce, “S” for Structure, and “T” for Trust; addressing the challenges and opportunities in which, obviously requires certain “b-e-s-t” practices.  This is a simplification of an extremely complex issue, but a useful approach, nevertheless.

 

THE B-ANGLE:

Bob[16] was not the first, nor will he be the last insider to “go rogue”.  The debate continues on whether insiders or outsiders are the greater threat.

“The fact that the individual was reportedly able to access and then sell on vast quantities of customer information is very worrying. It should not be the case that an employee – and in this case a temporary consultant – is able to access and then download sensitive data without this suspicious activity being flagged up,” (…)[17]

“It would seem that this case is a classic example of the ‘insider threat’ – that is, the malicious abuse of privileged access. A breach of customer data can spell disaster for a business, due to the loss of customer confidence, revenue and the possibility of severe financial penalties if they are found to have been negligent in the protection of this information.”[18]

However, it is the safest and the highest of best practices, to do one’s utmost best to protect against both, and each through the other, in a figure of eight lattice-work.

Suggested solutions include: proper and more comprehensive onboarding and offboarding; segregation of duties; rigorous credentialing and authorization procedures; real-time access and event logging; training and discipline with enforced usage rules (BYOD, social media, portable media, telecommuting); behavioural guidance including full disclosure of privacy limitations and waivers as applicable (travel and mobile security, regulatory compliance, data governance, eDiscovery, and cybersecurity); and so forth – including ONGOING due diligence on ALL employees, vendors, contractors, and counterparties on these parameters.[19] Just as banks were looking to their law firms to harden cyber defences,[20] regulators and especially financial sector regulators, have also been increasingly focused on the issue of cybersecurity.

“The question we need to all ask as regulators is should we be considering the cyber threat as something as fundamental to institutions as capital levels. I’m not saying yet that they’re equal but we should probably start discussing them in the same breath[.]”[21] The legal community has long weighed-in on this issue for and regarding others, but has only recently and so publicly, been forced to look at its own house, with some resulting and readily available, practical guidance on the starting point for a law firm cyber audit that is easily applicable to other industries.[22]

 

THE E-ANGLE:

eCommerce is a 5-edged sword (hard to see in reality – especially as anything easy to wield or even effective, but logically easy to conceptualize). There are the two (alleged) counterparties; there are each of the (apparent) originating and destination locations; and then there are the (acceptable, accredited, and accepted) payment parameters. These are the five.

Counterparties are “alleged” because one or more may be fictitious or on a borrowed or pilfered identity.  Originating and destination locations may be fronts, dead drops, or non-existent.  And the acceptable payment methods may have one party presenting something with false accreditation that is accepted as valid until it is too late to halt the deal;[23] something with proper accreditation that is intercepted before being properly accepted by the intended recipient;[24] or something with proper accreditation that is accepted by a fictitious or otherwise fraudulent counterparty.[25]

Albeit fraught with dangers, eCommerce has become indispensable in an interconnected, and beyond line of sight business world.  The best we can do is manage it, harden it in advance, and adapt as and when a new vulnerability is shown in this constant battle for sword edges between victims, and rogues.

 

THE S-ANGLE:

Now, we look back to South Korea, and ask whether there is any structural strength or weakness that makes the nation a recurring[26] and worthy[27] target for cybercrime; and the answer is a very loud yes.

With a wealthy and tech savvy population that has a GDP/PPP over US $33,000, South Korea in 2013, was Asia’s 4^th largest economy, 12^th largest in the world, and 10^th largest, globally, in terms of trade in merchandise and services, alone.[28] In that same year, the economy grew by 2.8%, and had a projected 2014 growth forecast of 3.5-4%.[29]

Essentially, South Koreans are connected, mobile-friendly, and absolutely just love eCommerce.  Nearly 80% of the population is online, which makes it the most connected country in the world.[30]  Mobile penetration has also long been high,[31] with 75% of South Koreans using smartphones overall, and a 98% penetration rate for the 18-24 demographic.[32] On the subject of eCommerce, the consultant Borderfree, “found that an increasing number of South Koreans shop overseas retailers to find lower prices, leverage parcel forwarding to save on shipping costs and join online communities to resell imported items they don’t want.”[33]  Since at least 2008, it has been quite commonplace for South Koreans to send and receive gift certificates and discount coupons by mobile or smart phone, which can be redeemed just by showing the phone and having it scanned, making coupon clipping (and paper coupons), things of the past.[34]

“From smartphones with flexible, foldable screens to smart refrigerators where you can view the inside contents while shopping; or smart communities, where even your child’s wanderings can be tracked through a central operations centre, Korean companies are on the cutting edge of technology.  Each is vying to be the first to develop the Next Big Thing.”[35]

Hence it follows that if everything cyber-new is there, as in methods and applications in a target-rich environment, then every old and new form of cyber offence will also follow into this nation that is essentially structured and functions, as a massive testbed!

This factor is further underscored by the fact that: “South Koreans have on average five credit cards, compared to two in the U.S., and the country has the highest credit card penetration globally.  Consumers in South Korea also use credit more often.  There are 129.7 credit card transactions per year in South Korea, compared to 77.9 credit card transactions annually in the U.S.”[36]  Newer technologies introduced will invariably have often unforeseen vulnerabilities that have yet to be patched, and credit card ownership and use have, to date, hardly proved to be entirely risk-free.

It is therefore no surprise that cyber-criminals will congregate at that confluence of high credit card use, high technology, extreme connectivity and mobility, and intense eCommerce that is South Korea.

 

THE T-ANGLE:

I have written, elsewhere, that data has very many “faces” – ranging through Form Factors, Applications, Categories, End-users, and Scale; and therefore presenting many attack surfaces vulnerable to myriad and multiplying attack vectors.[37]  Yes, we can (and must) generally trust the data of and provided by counterparties in an eCommerce-driven world, but why not also verify? Too few are taking the time to fully go through the steps, due to cost and time concerns.  When you receive an email, does the return email match the claimed sender, is the content their usual, are the links or required/suggested actions suspicious in any way?  When it is a business, does the contact information match what they list in a directory (remembering that the spoof site found through an internet search is still a spoof site)?  If this is a claimed professional, are they registered somewhere in a searchable official or regulatory database with the same contact data?  Finally, if it is a financial institution account communication, then do you do business with them?  If the answer is no, or your financial services provider does not send you such open login requests, then you should delete the message! These are very basic steps.

Forensic investigations, eDiscovery, disaster preparedness and recovery, and assessing the effect and impact of remediation measures are now greatly aided by better information governance;[38] as well as backups balanced with commonsense and due diligence in knowing what you are getting into with specific situations as a cloud vendor, a cloud user, or a basic data custodian.[39]

 

CONCLUSION:

Banks had all the money, but data custodians have all the data. Criminals therefore go after the motherlodes of data (financial services entities, telecommunications providers, medical legal and accounting professionals, governments, and other data-loaded intermediaries including high volume vendors – supermarkets, department stores, and hardware stores) where no shotguns or facemasks are needed, because they are unseen and can blend into that stream of blissfully unmonitored eCommerce.

Whether stupendously big, or comparatively small,[40] and even if we don’t hear about them publicly or immediately,[41] there will likely still be hacks for quite some time to come. However, all is far from lost, despite the mind-numbing possibility of staggering single and cumulative future data breaches in new markets,[42] and due to developing mobile and virtual payment and settlement solutions – regardless of the breach’s apparent or alleged nation of origin.

“However, I also think that all threats can be adequately considered when you focus on: (a) achieving buy-in to the need for security protocols and adherence thereto at all levels of the organization; (b) you budget accordingly for training, ERP, and the staff and tolls to deal with the threat universe; and (c) you assiduously enforce best practices, even when it makes (for some) the accessing of preferred apps. or sites inconvenient to impossible, or slows people down a little.  I call this cubing the B.”[43]

In the end, it all starts with leadership, because where there is no buy-in for doing what needs to be done from the higher-ups due to cost concerns, short sightedness, or bad advice, there will be little to no I.T. security budget, best practices will be whatever the heck everyone feels like doing at the time, and a breach will surely come.[44]

At the very least, then, in response to Bob & Co. and what they can do, you should sincerely cube that B!

_____________________________________________________

 

Author:

Ekundayo George is a lawyer and a sociologist. He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory compliance practice. He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing). See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

 

Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant- sourcing, managing, and delivering on large, strategic projects with multiple stakeholders and multidisciplinary teams. Our competencies include program investigation, sub-contracted procurement of personnel and materiel, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through a highly-credentialed resource pool with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – sometimes also termed Information Communications Technologies, or ICT). See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

 

***********************************************************************

[1] Chris DiMarco. The top 5 largest cyberbreaches of 2014 (for now). Published October 9, 2014 on insidecounsel.com. Online: >http://www.insidecounsel.com/2014/10/09/the-top-5-largest-cyberbreaches-of-2014-for-now?page=1<

The writer gave these top 5, in ascending order, as: Gmail/Google (5 million), Korea Credit Bureau (20 million), Home Depot (56 million), JPMorgan & Chase Co. (83 million), and eBay (145 million). See also infra, notes 11-14, and 7.

[2] Ekundayo George. Cybersecurity: the Enemy is also (perhaps even more so), Within – the case of “Bob”. Published January 17, 2013 on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/01/17/cybersecurity-the-enemy-is-also-perhaps-even-more-so-within-the-case-of-bob/<

[3] Supra, note 1.

[4] See generally, Wikipedia.

[5] Id.

[6] This is especially true as a sixth big breach has been added since the list was first made, which now fully covers those 6 million “formerly” lucky U.S. Citizens. See e.g. Steve Kovach. Nearly 7 Million Dropbox Passwords Have Been Hacked. Published October 13, 2014, on businessinsider.com. Online: >http://www.businessinsider.com/dropbox-hacked-2014-10<

[7] Initially pegged at 20 million (which number I have retained), the Korea Credit Bureau breach was later re-calculated to have impacted 27 million South Koreans. See Steve Ragan. 27 million South Koreans affected by data breach. Published August 25, 2014, on csoonline.com. Online: >http://www.csoonline.com/article/2597617/data-protection/27-million-south-koreans-affected-by-data-breach.html<

[8] CBC News. Target data hack affected 70 million people. Published January 10, 2014, on cbc.ca. Online: >http://www.cbc.ca/news/business/target-data-hack-affected-70-million-people-1.2491431<

[9] Chris Welch. Over 150 million breached records from Adobe hack have surfaced online. Published November 7, 2013, on theverge.com. Online: >http://www.theverge.com/2013/11/7/5078560/over-150-million-breached-records-from-adobe-hack-surface-online<

[10] Rachel King for Zero Day. LivingSocial confirms hacking; More than 50 million accounts affected. Published April 26, 2013, on zdnet.com. Online: >http://www.zdnet.com/livingsocial-confirms-hacking-more-than-50-million-accounts-affected-7000014606/<

[11] See generally Google Corporate. Cleaning up after password dumps. Published September 10, 2014, on googleonlinesecurity.blogspot.ca. Online: >http://googleonlinesecurity.blogspot.ca/2014/09/cleaning-up-after-password-dumps.html<

[12] Ben Elgin, Michael Riley, and Dune Lawrence. Home Depot Hacked After Months of Security Warnings. Published September 18, 2014, on businessweek.com. Online: >http://www.businessweek.com/articles/2014-09-18/home-depot-hacked-wide-open<

[13] Jim Finkle and Karen Freifeld. States probe JPMorgan Chase as hack seen fueling fraud. Published Friday, October 3, 2014, on reuters.com. Online: >http://www.reuters.com/article/2014/10/03/us-jpmorgan-cybersecurity-idUSKCN0HS1ST20141003<

[14] Jennifer Abel. eBay hacked again? BBC reports hijacked seller accounts. Published September 23, 2014, on consumeraffairs.com. Online: >http://www.consumeraffairs.com/news/ebay-hacked-again-bbc-reports-hijacked-seller-accounts-092314.html<

[15] Administrative Office of the Washington Courts. Washington Courts Data Breach Information Center: Common Questions. Visited November 3, 2014 (regarding a data breach discovered in February/March, 2013). Online: >http://www.courts.wa.gov/newsinfo/?fa=newsinfo.displayContent&theFile=dataBreach/commonQuestions< ;

The Associated Press in Washington. Records of up to 25,000 Homeland Security staff hacked in cyber-attack.

Published Saturday August 23, 2014, on theguardian.com. Online: >http://www.theguardian.com/technology/2014/aug/23/homeland-security-25000-employees-hacked<

[16] Ekundayo George. Cybersecurity: the Enemy is also (perhaps even more so), Within – the case of “Bob”. Published January 17, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/01/17/cybersecurity-the-enemy-is-also-perhaps-even-more-so-within-the-case-of-bob/<

[17] Sophie Curtis. Credit card details of 20m South Koreans leaked. Published January 20, 2014, on telegraph.co.uk. Online: >http://www.telegraph.co.uk/technology/internet-security/10584348/Credit-card-details-of-20m-South-Koreans-leaked.html<, comments on the Korea Credit Bureau case by Matt Middleton-Leal, regional director for the UK and Ireland at security firm CyberArk.

[18] Id.

[19] Indeed, both of the monumental hacks – at Target and Korea Credit Bureau, were accomplished through third parties: Krebs on Security, Email Attack on Vendor Set Up Breach at Target. Published February 12, 2014, on Krebsonsecurity.com. Online: >http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/< ; Lucian Ciolacu. Contractor with USB Stick Commits Biggest Credit Card Data Heist in South Korean History. Published January 21, 2014, on hotforsecurity.com. Online: >http://www.hotforsecurity.com/blog/contractor-with-usb-stick-commits-biggest-credit-card-data-heist-in-south-korean-history-7667.html<

As a result, some banks with their own compliance concerns, are now quite nervous about their law firms as vulnerable third parties. See e.g. Jennifer Smith and Emily Glazer of Dow Jones Business News. Banks Demand That Law Firms Harden Cyberattack Defenses. Published October 26, 2014, on nasdaq.com. Online: >

http://www.nasdaq.com/article/banks-demand-that-law-firms-harden-cyberattack-defenses-20141026-00022<

[20] Id. Jennifer Smith and Emily Glazer of Dow Jones Business News.

[21] Kara Scannell in New York. NY bank regulator targets cyber threat. Published October 6, 2014, on ft.com. Online: >http://www.ft.com/cms/s/0/5a981338-4cdf-11e4-a0d7-00144feab7de.html#axzz3HghMk1j4< quote of Benjamin Lawsky, Superintendent for New York’s Department of Financial Services.

[22] Sharon D. Nelson & John W. Simek. Clients Demand Law Firm Cyber Audits. Published in ABA Law Practice Magazine Vol 39, Number 6 (Nov./Dec. 2013) Online: >http://www.americanbar.org/publications/law_practice_magazine/2013/november-december/hot-buttons.html<

[23] As with a stolen credit card, a bounced cheque, or counterfeit cash, for example.

[24] As with a man in the middle attack (spoofed eCommerce website, or legitimate but infected site with cross-site scripting), for example.

[25] As in advance fee fraud, for example.

[26] In July of 2011, two websites (Cyworld and Nate) run by SK Communications of South Korea were breached, resulting in a loss of some 35 million records. “Hackers are believed to have stolen phone numbers, email addresses, names and encrypted information about the sites’ many millions of members.” See BBC. Millions hit in South Korean hack. Published July 28, 2011, on bbc.com. Online: >http://www.bbc.com/news/technology-14323787< . One year later, in July, 2012, South Korean authorities announced arrests in the case of hacks impacting 8.7 million users at KT Corp, the nation’s number one fixed line operator and number two mobile operator.

 

“The company says hackers stole subscribers’ names, phone and personal identification numbers, and then sold the data to telemarketers.”

 

“An illegally installed computer program had collected subscribers’ information over several months, KT Corp said.”

 

See BBC. South Korea arrests phone firm KT Corp hacking suspects. Published July 30, 2012, on bbc.com. Online: >

http://www.bbc.com/news/technology-19048494<

[27] To impact the Personally Identifiable Information (PII) records of 40% of an entire nation’s population in a single stroke, is certainly a major scoop, by any reckoning. Especially ironic, are the circumstances of this hack:

 

“Customer details appear to have been swiped by a worker at the Korea Credit Bureau, a company that offers risk management and fraud detection services.” (Where were the vendor due diligence, segregation of duties, and the internal fraud controls?) (Emphasis added).

 

“The worker, who had access to various databases at the firm, is alleged to have secretly copied data onto an external drive over the course of a year and a half.” (Where were the access and event logs, “business need only” access privilege limitations, and random audits?) (Emphasis added).

 

See Sophia Yan and K.J. Kwon. Massive data theft hits 40% of South Koreans. Published January 21, 2014, on cnn.com. Online: >http://money.cnn.com/2014/01/21/technology/korea-data-hack/< See also supra, note 13, Jim Finkle and Karen Freifeld (JPMorgan Chase & Co.).

[28] Foreign and Commonwealth Office of the United Kingdom. Guidance: Overseas Business Risk – South Korea.

Last updated May 27, 2014, and published on gov.uk. Online: >https://www.gov.uk/government/publications/overseas-business-risk-south-korea/overseas-business-risk-south-korea<

[29] Id.

[30] Daniela Forte. South Korea Stands Out as Ecommerce Market for U.S. Retailers. Published June 19, 2014, on multichannelmerchant.com. Online: >http://multichannelmerchant.com/must-reads/south-korea-stands-out-in-ecommerce-market-for-u-s-retailers-19062014/<

[31] The Associated Press. Korea has nearly as many cell phones as people. Last updated January 28, 2009, and published on nbcnews.com. Online: >http://www.nbcnews.com/id/28893283/ns/technology_and_science-tech_and_gadgets/t/korea-has-nearly-many-cell-phones-people/#.VFKb0xbClGM<

[32] Id., and supra note 30.

[33] Supra note 30.

[34] Reuters. Paper is passe for tech-savvy South Koreans. Published Friday, May 9, 2008, on reuters.com. Online: >http://www.reuters.com/article/2008/05/09/us-korea-coupons-idUSS0914416520080509<

[35] Gordon Hamilton. Asia Pacific report: South Korea now a global technology tiger. Published November 25, 2013, on biv.com. Online: > http://www.biv.com/article/2013/11/asia-pacific-report-south-korea-now-a-global-techn/<

[36] Sarah Jones. South Korea boasts highest global credit card penetration: report. Published June 27, 2014, on luxurydaily.com. Online: >http://www.luxurydaily.com/south-korea-boasts-highest-global-credit-card-penetration-report/<

[37] Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors). Published November 1, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[38] Ekundayo George. To Gatto from Zubulake: 2 Thumbs-up for Better Information Governance/Anti-Spoliation. Published March 31, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/03/31/to-gatto-from-zubulake-2-thumbs-up-for-better-information-governanceanti-spoliation/<

[39] Ekundayo George. Data Protection and Retention in the Cloud: Getting it Right. Published March 11, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< You cannot leave everything to a vendor or counterparty, if and when you are primarily responsible for your own security and the security of the data that you host at rest, in transit, or subject to access and change, for others.

[40] Terry Collins and Anne D’Innocenzio for The Associated Press. Twitter hackers nab data on 250,000 accounts. Published February 2, 2013, on ottawacitizen.com. Online: >http://www.ottawacitizen.com/business/Twitter+hackers+data+accounts/7911027/story.html<

[41] Ben Elgin, Dune Lawrence and Michael Riley. Coke Gets Hacked And Doesn’t Tell Anyone. Published November 4, 2012, on bloomberg.com. Online: >http://www.bloomberg.com/news/2012-11-04/coke-hacked-and-doesn-t-tell.html< This kind of silence is changing, however, due to increasing regulatory focus on cyber risks and cyber events, and a push for timely and full disclosure and remediation when it may impact the bottom line, systemically important entities, or public or investor confidence.

[42] China and India are the most populous nations on earth, with well over 1 Billion citizens, each; but comparatively (with all other nations) very low ratios of banked citizens, and citizens with access to organized credit facilities. The promised easing of China’s restrictions on foreign credit card issuers paves the way for many of the entry-market credit card products that we see in the West – secured cards, rechargeable cards, debit cards, and the like, along with the juicy fees for annual access, loading, overdrafts, late payments, cash advances, and per transaction. Of course, this will require the taking, keeping, and updating of vast amounts of data on a vast population; creating a single and captive, target rich environment of irresistible size that will remain very vulnerable to any lapses in data governance and/or cyber best practices. See generally Joe McDonald of The Associated Press. China easing credit card monopoly opening door for Visa, MasterCard. Published October 30, 2014, on ctvnews.ca. Online: >http://www.ctvnews.ca/business/china-easing-credit-card-monopoly-opening-door-for-visa-mastercard-1.2078518<

[43] Ekundayo George. Individual (allegedly) Wreaks Havoc with Former Employer – Another Teachable Moment in Infosec. Published May 16, 2013, on wordpress.ogalaws.com. Online: >https://ogalaws.wordpress.com/2013/05/16/individual-allegedly-wreaks-havoc-with-former-employer-another-teachable-moment-in-infosec-2/<

[44] See e.g. Supra note 12, Ben Elgin, Michael Riley, and Dune Lawrence (Home Depot).

IOT/M2M “Buscopf-Scope Table” (BST): a conceptual framework for industry and regulators.

October 5, 2013

The Internet of Things (IOT – also referred to as Machine to Machine communication, or M2M) is well on its way to reality, with a wide range of market penetration predictions and potential verticals for the savvy and aggressive providers who aim to tame it.  Intel projects 2015 uptake to be 3.8 billion devices globally; whilst 2020 projections are 30 billion devices from ABI Research, and 50 billion devices with “$14.4 “trillion in bottom-line potential”, from Cisco Systems.[1]  There were some very early movers, such as the European Union, for example, which established an Internet of Things (IOT) Working Group on August 10, 2010.[2]  Three years later, the United States Federal Trade Commission (FTC) has already initiated an enforcement action against an IOT service provider due to flawed security and false claims and misrepresentations in advertising.[3]  Now, following last year’s 4^th EU, IOT Conference,[4] regulators and industry everywhere, are swiftly strategizing and paving the way forwards:

(1) In South America, IoT World meets in Brazil, was held in São Paulo, from May 21-24, 2013;[5]

(2) In the Middle East, The M2M Middle East Forum, was held in Dubai, UAE, on September 22-23, 2013;[6]

(3) In North America, The 2013 M2M and Internet of Things (IOT) Global Summit, was held in Washington, D.C. from October 1-2, 2013;[7]

(4) In Africa, The 1st Workshop On The Internet Of Things (IOT 2013), is now scheduled for October 7, in East London, South Africa;[8]

(5) In Europe, The Internet of Things World Forum, is now scheduled for November 12-13, 2013, in London, UK;[9]

(6) In Asia, The Internet of Things Asia 2014 Exhibition and Conference, is now scheduled for April 21-22, 2014, in Singapore;[10]

The fact remains, however, that myriad options exist for vertical and horizontal exploitation of this space, and the same number of options – apparently subject to multiplication by itself – exists in the form of coordination, regulation, optimization, protocols, and security.  As a result, and due to the need to develop common understandings and definitions across these 6 (“six”) centers of gravity, we have devised and provided the within Table of 7 elements (on the X-axis), times 30 elements (on the Y-axis), as a conceptual framework for industry and regulators within and between these 6 centers of gravity, to utilize on internal deliberations and joint consultations.  Just select a coordinate where X and Y meet, conceptualize the kind(s) of IOT/M2M offering that would fit there, and strategize on the most appropriate or most preferable “iPages” for it or them (see note 2, below).  We hope it helps!

X-Axis (BUSCOPF):

BIODIVERSITY;

UTILITIES;

SECURITY;

CULTURE;

OFFICE;

PROJECTS/POLICIES;

FINANCE.

Y-Axis (SCOPE):

SERVICES (6):

-General/Government

-Regulated

-Integrated

-Personal/Apparel

-eBusiness

-Shared/Social

CONTROLS (5):

-Structure

-Product

-Infrastructure

-Emergency

-System

OPERATIONS (7):

-Supply/Logistics

-Communications

-Humanitarian

-Entry/Egress

-Municipal/Medical

-Economic/Exchange

-Scientific

PRODUCTS (7):

-Personal/Apparel

-Regulated

-Infotainment

-Networked

-Consumer

-eBusiness

-Shared/Social

EVALUATIONS (5):

-Efficiencies

-Insurance Risk

-Gathered Data

-Health & Safety

-Threats & Alerts

 

^©2013. S’imprime-ça (Ottawa, Canada). http://www.simprime-ca.com.  Free “BST” use, duplication, and distribution is permitted if including this attribution block verbatim.

 *********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

---

[1] Alyssa Oursler, InvestorPlace Assistant Editor.  Morgan Stanley Gushes on the Internet of Things.  Analysts take a deep dive into the trend with 29-page note.  Published on investorplace.com, September 30, 2013.  Web: http://investorplace.com/2013/09/csco-morgan-stanley-internet-of-things/

[2] Euroalert.  Expert Group on the Internet of Things set up.  Published on euroalert.net, August 11, 2010.  Web: http://euroalert.net/en/news.aspx?idn=10271 This Expert Group now has 6 (“six”) sub groups, being one for each of identification, privacy, architectures, governance, ethics, and standards (I would call this “iPages“).  A Summary of their 10^th Meeting in Brussels, Belgium, in November 2012, is available here: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1747

[3] See e.g. Paul.  With Settlement, FTC Issues Warning On IP-Enabled Cameras.  Published on securityledger.com, September 4, 2013.  Web: https://securityledger.com/2013/09/with-settlement-ftc-issues-warning-on-ip-enabled-cameras/

[4] Forum Europe.  Post-Conference Report from The 4th Annual Internet of Things Europe.  Shaping Europe’s Future Internet Policy – The road to Horizon 2020.  The Conference was held in Brussels, Belgium, on November 12-13, 2012.  Published on eu.ems.com.  Web: http://www.eu-ems.com/event_images/Downloads/IoT%20post%20conference%20report%20-%202012.pdf

[5] IoT World meets in Brazil, was held in São Paulo, Brazil, from May 21-24, 2013. Published on theinternetofthings.eu.  Web: http://www.theinternetofthings.eu/iot-world-meets-brazil-s%C3%A3o-paulo-21st-24th-may-2013

[6] The M2M Middle East Forum, was recently held in Dubai, UAE, on September 22-23, 2013.  Published on dmgeventsme.com.  Web: http://dmgeventsme.com/m2mforumme/

[7] The 2013 M2M and Internet of Things (IOT) Global Summit, was recently held in Washington, D.C. on October 1-2, 2013.  Published on eu-ems.com.  Web: http://www.eu-ems.com/summary.asp?event_id=173&page_id=1432

[8] The 1st Workshop On The Internet Of Things (IOT 2013), is scheduled for October 7, in East London, South Africa.  Published on isat.cs.uct.ac.za.  Web: http://isat.cs.uct.ac.za/IoT2013_Workshop/isat_web_iot/index.html

[9] The Internet of Things World Forum, is scheduled for November 12-13, 2013, in London, UK.  Published on internetofthingsconference.com.  Web: http://iotinternetofthingsconference.com/

[10] The Internet of Things Asia 2014 Exhibition and Conference, is scheduled for April 21-22, 2014, in Singapore. Published on internetofthingsasia.com.  Web: http://www.internetofthingsasia.com/

Cloud Contracts – What About Getting Yourself (and your data) out in a Hurry?

September 25, 2013

The recent announcement of pending closure for Nirvanix,[1] a CSP, highlights a number of points that I have often stressed as critical in data assessment prior to cloud usage, cloud vendor assessment, cloud contracting specifically, and data protection and retention in general.  These are:

1. “In addition – always (have) a detailed exit protocol with a combination of specific steps, cost structures, and room to negotiate if and where possible.  Cloud Vendors offering no exit strategy, or an overly-rigid or convoluted one, should be approached with high caution.”[2]

2. “If you have critical functionalities that have moved completely or almost completely to a cloud-based solution… then it is highly-advisable to have a backup cloud.”[3]

3. Protect and backup your data as per your assessment of the V5 Interplay “…the mix of data volume, velocity, variety, value, and vulnerability that determines the how, where, and how often you back it up; amongst other distinct operations and/or management tasks.”[4]

4. Mature cloud users should be in a state where “Legal counsel sufficiently aware of the Cloud’s advantages and disadvantages to advise you, can draft or review your Cloud Services Agreements, or negotiate them from the outset, if the latter option is actually made available to you by the Vendor.”[5]

To now learn that many large and systemically significant entities in a host of industries have massive amounts of data with this one provider that they are now rushing to remove before the pending shutdown,[6] is quite worrying in terms of Cybersecurity, Cloud best practices, and attendant potential legal liability.

OPTIONS:

Of course, any speculation is pure speculation, as I have no personal knowledge of their arrangements, whether or not these exits are orderly, or if they will be concluded in good time.  However, one would expect that:

(i) for the most critical data in that V5 interplay;

(ii) multiple CSPs should have been used;

(iii) offsite backup should not have been automatically discontinued;

(iv) a detailed exit protocol (“cloud emigration”) would have been contractually agreed-upon in advance, with access to the key or contracted staff – including migration/emigration as a service providers or other such specialists;

(v) guaranteed continued availability of staff and data as was already specified in the original SLA; and

(vi) either CSP insurance (as with employment practices insurance, business interruption or business continuity insurance, or some such), a portion of the client fees segregated in advance by lockbox arrangement to pre-fund an orderly exit, or any host of other arrangements to cover those exit costs, would have been specified as preconditions for entering into a cloud services agreement in the first instance, laid-out in detail, mutually agreed, practiced and reviewed for updates from time to time, and enacted as and when needed.

CONCLUSIONS:

This case is quite instructive, and many cloud users will, doubtless, take note and a few pointers for their own contracts (whether as promptly amended or when next renewed), so as to avoid future problems when this kind of situation replicates, or any other foreseeable or unforeseen eventuality causes a similar rumble of thunder to ripple across the Cloud-sphere.  They must be able to promptly, securely, and in an organized fashion “rein-in” and “reel-back” their uploaded data from the cloud, without having their own clients and data subjects rain thunder and lightning down on them, for any failure to so do.[7]  If their data gets stuck in CSP insolvency wranglings, then a whole host of new twists and turns will develop.

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, Cloud, and Outsourcing.

 

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

 

---

[1] Isha Suri.  Nirvanix Closing Down, Gives Two Weeks’ Notice of Service Shutdown.  Published on siliconangle.com, September 24, 2013.  Web: http://siliconangle.com/blog/2013/09/24/nirvanix-closing-down-gives-two-weeks-notice-of-service-shutdown/

[2] Ekundayo George.  To Cloud or Not to Cloud: What are Some of the Current, Most Pertinent Pros and Cons?  (at “Disadvantages potential – Vendor Inelasticity”).  Published on ogalaws.wordpress.com, December 28, 2011.  Web: https://ogalaws.wordpress.com/2011/12/28/to-cloud-or-not-to-cloud-what-are-some-of-the-current-most-pertinent-pros-and-cons/

[3] Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right (at “1. Backup Cloud).  Published on ogalaws.wordpress.com, March 11, 2013.  Web: https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/

[4] Id. at “4. Traditional off-Cloud Backup”, and at footnote 13).

[5] Ekundayo George.  In who’se pocket is your data packet? – International Data Governance (at “d”).  Published February 6, 2013.  Web: https://ogalaws.wordpress.com/2013/02/06/in-whose-pocket-is-your-data-packet-international-data-governance/

[6] Jeffrey Schwartz.  Cloud Storage Provider Nirvanix Goes Belly-Up, Customers Panic To Move Data.  Published on virtualizationreview.com, September 19, 2013.  Web: http://virtualizationreview.com/blogs/the-schwartz-cloud-report/2013/09/nirvanix-goes-belly-up.aspx?goback=.gde_1864210_member_275308263#!

[7] “Risk Management” (such as in preventing to the extent possible, planning for, and effectively prevailing with regard to this type of snafu) and “Stakeholder Management” (calming and reassuring those division heads and business unit leaders who’se core and critical functions are residing, and hopefully resiliently so, in the Cloud, during any time of crisis), have been identified as the new and added “need to have” softer business skills for IT professionals who plan to survive and thrive in the rapidly evolving (and reputedly short-skilled) Cloud space.  See Steve Ranger.  Big data, cloud computing experts hard to hire, bosses admit.  Published on techrepublik.com, September 23, 2013.  Web: http://www.techrepublic.com/blog/european-technology/big-data-cloud-computing-experts-hard-to-hire-bosses-admit/?tag=nl.e077&s_cid=e077&ttag=e077&ftag=TRE9ae7a1a.  For a broader overview of the changing nature of IT skills with regard to changing technologies, such as Cloud Computing, see Ekundayo George.  Why “will” IT jobs persist through changing technology, and why “must” IT initial education and ongoing training be both constant, and consistent?  Published on ogalaws.wordpress.com. June 5, 2013.  Web: https://ogalaws.wordpress.com/2013/06/05/why-will-it-jobs-persist-through-changing-technology-and-why-must-it-initial-education-and-ongoing-training-be-both-constant-and-consistent/

Why “will” IT jobs persist through changing technology, and why “must” IT initial education and ongoing training be both constant, and consistent?

June 5, 2013

Some people have said that IT careers and IT jobs will disappear due to the advent and mainstreaming of Cloud applications, as well as IT commoditization and outsourcing that will close data centers en masse.  Indeed, one author in 2012 directly predicted a coming re-imagination or demise, of 4 (“four”) specific IT roles and career paths, namely: (i) Programming; (ii) Datacenter; (iii) Data Technology; and (iv) Security.[1]  My detailed thinking on these predictions is more specifically laid-out below, in the “Analysis” section.

Will IT Jobs Disappear?

Such projections are in error, at best!  Consider this statement regarding current IT role disruptions:

“The more interesting lesson is the tectonic shift in computing away from the device and software residing on the device, to data and applications access on a variety of form factors and connected operating systems”.[2]

In-house, traditional data centers are there to ensure that data and applications can be accessed from devices near and far; cloud computing data centers are there to ensure that data and applications can be accessed from devices near and far; IT staff are needed in both cases to troubleshoot, ensure that those devices and/or the servers are configured to “play nicely” with each other, and otherwise act when the system cannot itself, or its subsystems will not themselves, fail-over, add or reduce capacity, self-diagnose, grant access to technicians and tours to top brass, run out with backup tapes or portable  hard drives when all else “really” fails, things fall apart, and the (data) center cannot hold,[3] and so on.  Even when printing money and coins (stamps are less used in the West nowadays, due to the rapidity of mobility, and courier efficiencies), human eyes are still needed for that final quality control function Indeed, the case is also and stringently made that there is in fact an accelerating skills shortage in IT.[4]

What then, has changed to make the human factor suddenly obsolete?

I would say nothing, because the more things change, outwardly, the more they stay the same, behind the scenes, as IT jobs and IT professionals will always be needed; albeit with skills–sets that are both more diverse and more specialized at one and the same time, due to an increasing complexity of things.

“We estimate that by 2016 approximately 106,000 ICT jobs will need to be filled in Canada with demand for critical jobs far exceeding the supply. This figure will be further compounded if we account for the new emerging ICT sectors.  Canada is also competing in an increasingly tight labour market, emerging global economies such as Brazil, Russia, India, China and South-Africa (BRICS) are achieving unprecedented economic growth using new energy, telecommunications and information technologies”.[5]

Let us look, then, at 7 (“seven”) specific area examples to help demonstrate how and why this must be.

7 Examples as Proof of IT’s Adaptability, Persistence, and Traction (APT).

1. Cloud applications.

Late last year, there came the headline story – “Almost 1.7 Million Cloud-Related Jobs Went Unfilled in 2012: Estimate“.[6]  That’s a lot of jobs!  However, what is the Cloud and what might those jobs be, some doubtless asked?  In the 6 (“six”) months since the article was published, many of those who asked may now know a little more about the Cloud.  For others, however, an overview may help give perspective.

                                What is Cloud Computing (“Cloud”)?

According to data from the United States’ National Institute of Standards and Technology (NIST):

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.  This cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured Service); three service models (Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS), Cloud Infrastructure as a Service (IaaS)); and, four deployment models (Private cloud, Community cloud, Public cloud, Hybrid cloud). Key enabling technologies include: (1) fast wide-area networks, (2) powerful, inexpensive server computers, and (3) high-performance virtualization for commodity hardware”. [7]

Unfortunately, this NIST data is already behind the market as the Cloud is advancing so fast.  There are now no less than 7 (“seven”) well-identified Cloud service models, being: Software as a Service (SaaS),[8] Security as a Service (SecaaS),[9] Platform as a Service (PaaS),[10] Infrastructure as a Service (IaaS),[11] Networking as a Service (NaaS),[12] Data as a Service (DaaS),[13] and Migration as a Service (MaaS).[14]

                                Which are the Cloud Jobs?

An October, 2012 article identified the following 10 (“ten”) IT jobs as in-demand Cloud careers;[15] being:

(I) Cloud Architect; (II) Cloud Software Engineer; (III) Cloud Sales; (IV) Cloud Engineer; (V) Cloud Services Developer; (VI) Cloud Systems Administrator; (VII) Cloud Consultant; (IIX) Cloud Systems Engineer; (IX) Cloud Network Engineer; and (X) Cloud Product Manager.

The takeaway, is that “professionals who are experts in cloud computing, software as a service and virtualization are in high demand, but those with combined skills in server, software and networking are the most sought after in the current IT job market”.[16] Add to this, another recent survey that concludes: “[c]loud related skills represent virtually all the growth opportunities in IT employment worldwide as demand for cloud-related positions grows.”[17]  Together, these findings put to rest any assertion that datacenter jobs will disappear, because servers are housed in data centers and data farms, and the need for them as well as the IT staff to tend to and manage them, is increasing with time and Cloud uptake.

Where is Cloud Heading – Long term?

In response to the PWC/Digital IQ Report that presented this year’s top 10 technology trends for business, I pondered this year’s top 5 technology trends for consumers;[18] one of which was EULA3.  This term co-represents: (i) End-User Legal Authority (free rein to develop and customize screen savers, fonts, skins, and avatars to their liking, after download from developers with the IP rights therein); (ii) End-User License Autonomy (lawful unlocking of devices and to remove geographic restrictions, freedom from multi-year service contracts, number portability, rights to opt-out of geo-tracking, receiving ongoing service or functionality updates, and in the EU, a right to be free from pre-sale, bundled OEM-ware; and (iii) End-User Leveraged Ability (massively enhanced remote and mobile collaboration and empowerment tools and technologies, in “online groups, archives, fora, encyclopedias, and societies”).[19]

My focus here, is on the leveraged ability, that allows for more creativity, collaboration, commentary, commerce, connections, and cloud applications.[20]  Within and as a result of this leveraged ability, I see the coming offering of Economies as a Service/Elasticity as a Service (EaaS).  This will go beyond the mere discrete, standalone offerings of storage, ERP, and data analytics, to offer specific enterprise-level function and service suites that are customizable to users of various sizes, and that help customers to cut-down on their overhead in a still very tight global economic climate.

I can think of 10 (“ten”) such scalable suites right now, being: (1) Administration; (2) Compliance; (3) Efficiencies (requirements analyses, efficiency audits, business process reengineering, and big data analytics with recommendations and action on same, all from one vendor– essentially, management consultant services on demand, with M2M delivery in eFormat); (4) Facilities management (electronic and sensory, in M2M/SCADA); (5) General Counsel (as outsourced to on-call, geographically distributed providers through a Cloud contact point); (6) Human Resources; (7) Operations and Development; (8) Research and Development; (9) Sales (as tasked to geographically distributed operatives, on-call in the requisite locations- little travel needed; and (10) Treasury (audit, bookkeeping, and capital markets).[21]

Which Cloud sub-sectors will likely lead?

In a 2012 report for the EU, IDC predicted that the market for public cloud services in Europe would grow at a compound, annualized, 35% (“thirty-five percent”) from 2011 to 2014, despite structural challenges (security, infrastructure, standardization), and the continued tight economic climate.[22]  IDC further posits that “[…] the diffusion of cloud computing is expected to generate substantial direct and indirect impacts on economic and employment growth in the EU, thanks to the migration to a new IT paradigm enabling greater innovation and productivity”.[23]  Admitting that jobs will both be lost and created, “the cloud market is expected to be a driver of net creation of employment in the medium term”, regarding the European economy through 2020; with their estimate of the number of European cloud industry jobs then existing, ranging from 1.3 million to 3.8 million.[24]

Globally, IDC’s results from an Infosys-sponsored July, 2012 survey of 326 large companies across the US, Germany, France, and the U.K. found that, 2 out of 3 were adopting the cloud, with private cloud more popular than public or hybrid cloud.[25]  While cloud strategy in Europe is more developed, it is standalone and needs to be integrated into a larger “whole of IT” approach; U.S. cloud adoption lags behind, but this is due to its being part of a “whole of IT” planning process with many stakeholders.[26]  According to IDC, many survey respondents across the board were reportedly dabbling in “public cloud for some specific areas, but when it comes to the core IT environments, they are starting out with private cloud. Connecting the two into a hybrid model is gaining momentum”.[27]

                                Why use the Cloud?

In essence, “cloud computing simply capitalizes on the need of a business to manage costs, stick to its core competencies and outsource the rest”.^[28]  Services and servers formerly managed in house with capital expenditures, can now be managed by vendors as operational cost items, and expensed.  “Companies want to escape IT equipment and support costs, but there are also certain applications and data that large enterprises especially are unlikely to ever let out of their sight and perimeters, King said. That is why the hybrid model works pretty well for many companies right now”.^[29]

2. Mobility.

“Digitization—the mass adoption of connected digital services by consumers, enterprises, and governments— is far more than a disruptive wave washing over isolated industries.  We have long since recognized that reality.  Digitization is a fundamental driver of economic growth and job creation the world over- in both developed and emerging markets”.[30]

Within the home and other fixed locations, this digitization has permitted the visual TV broadcast format to shift in many locales to High Definition, allowing for clearer pictures, denser colours and images, and added content and utilities.  In addition, ubiquitous computing is now the default mode, with digitization and packetization, and smartphones and tablets fast-nearing the raw computing power of earlier laptops; if not surpassing them in both that, and storage capacity, through the availability of add-on storage and memory card capacity. Customer-facing cloud applications (online photo storage, social media profile pages, and available-anywhere office productivity and document processing or management service offerings), all benefit from the spread of digitization and the ongoing drop in memory and hardware costs.  Taken together, these developments have enabled location independence, geo-tagging, behavioural marketing, and social business on a hitherto unprecedented scale.

“IT” with regard to mobility ranges from applications, through form factors, to networking, diagnostics, and data analytics.  Similarly, “convergence” in general, means that the field of mobile computing is already broad and deep,[31] and continues to grow with the expanding market for existing form factors (laptop, tablet, smartphone), and ever more innovative offerings to come. Even though some employers eschew creating and implementing BYOD policies for their increasingly mobile workforces (a dangerous oversight, in my opinion), while others re-think or seek to restrict aspects of the whole “mobility” dimension of work,[32] I really cannot envisage ITs mobility-enabling skills-sets facing any realistic danger of impending obsolescence.

3. Operational and ongoing improvements.

In the words of the American Society for Quality (ASQ): “[c]ontinuous improvement is an ongoing effort to improve products, services or processes.  These efforts can seek “incremental” improvement over time or “breakthrough” improvement all at once”.[33] Of course, improving the individual (skills and abilities), can also lead to improving the product, service, or process – including of business processes and in separate business cost centres.  Aside from the plethora of quality measures and quality improvement models, perhaps the simplest offering suggested by ASQ, is the P-D-C-A cycle, which stands for:

(i) Plan (identify opportunities and strategize for their exploitation);

(ii) Do (roll-out a pilot or beta of the change as planned);

(iii) Check (analyze the results and determine whether the desired result was achieved);

(iv) Act (Proceed on a larger scale if successful, or revise if not, with ongoing assessment in both cases).[34]

In the current and evolving IT environment, the need for operational and ongoing improvements is driven by a desire for post-merger, acquisition, or restructuring economies of scale; improved efficiencies in a very tight global economy and hyper-competitive climate; and to increase security in the face of heightened governance, risk, and regulatory compliance (GRC) requirements, and Cybersecurity exposures and events. Automated systems (after human programming), can gather and crunch a vast quantity of data in terms of Enterprise Resource Planning (ERP), Privacy Impact Analysis (PIA), Security and Risk Analysis (SRA), and Threat Risk Assessment (TRA).  However, in the three common, broad stages of all these activities (identification, assessment, mitigation), human input is indispensable to catch the nuances, round-out the corners, and otherwise right-size and customize both process and result.  IT professionals will always be needed to plan, to do, to check and double-check, and to act.

4. Networking.

Networking has come very far since it was merely a question of connecting desktops to servers, and making sure that different servers or server versions and their operating systems (usually all in the same place or distributed corporate space or ecosystem), all meshed well together.  Now, we network across availability zones in region, time zones, and definitely different ecosystems.  With the speed at which technology is currently advancing and generations of IT are maturing,[35] there will always be “legacy” systems in the mix, and this will require the presence of professionals who know and are familiar enough with the idiosyncracies of these legacy systems to service and maintain them.  As with the Basic, Fortran, and Pascal programming languages (which are still used, in some places), someone somewhere, will always be needed into the foreseeable future.  This peculiarity will come into the clearest focus when data must be migrated from these legacy systems, and it can only be done the hard way.  Networking also gains importance with the mainstreaming of Supervisory Control and Data Acquisition (SCADA), the Internet of Things (IoT) or Machine to Machine (M2M) communication[36] – as enabled and enhanced by MEMs[37], Software-Defined Networking (SDN), and of course, Cloud Computing.  These, in their turn, further fuel the “apolitical” socialization of business, living, and leisure.

5. Virtualization.

“The term virtualization is commonly used to refer to the creation of multiple virtual servers that operate on one physical computer. Virtualization uses fewer physical resources to do an increased amount of work in a virtual environment, cuts the costs of purchasing expensive hardware for computers, uses less physical storage space and reduces costs to power and cool physical computers”.[38]

As stated, virtualization has many benefits; including heightened productivity and cost savings.  However, the need for real human beings will persist.  Additional solutions enabled by virtualization include advanced gamification (both single user and multi-user), eLearning, and social business with real time product and service demonstrations, serious streaming and graphics, and simultaneous screen-in-screen separate software instances for multitaneous collaboration, creativity, and other connections.  Content is key, so there will always be a need for IT professionals across the 15 (“fifteen”) phases of the following, proposed new “horseshoe waterfall” software development process (up from the classic 6):

1. Requirements Analysis phase (PIA, ERP, SRA, TRA, and Objective-oriented Risk Identification);

2. Programming & Development phase (design, documentation, IP, cross-disciplinary “play-in/pet-in”[39]);

3. Vendor Development Testing phase (Quality, Usability, Interfaces, Performance, Stability – “QUIPS¹”);

4. Application Security Testing (by subsystem, including to regulatory standard/industry metrics);

5. Contract Modeler/Tweaker phase (add-ons, P3 standalone software, and software for hardware);

6. P3 Development Testing phase (Quality, Usability, Interfaces, Performance, Stability – “QUIPS²”);

7. Vendor Integration phase (collective work of all subsystems & add-ons; documentation & IP updates);

8. Application Security testing (complete system by Vendor, and by user panel on late-stage beta);

9. White Hat phase (QUIPS³; with penetration testing, and to regulatory standard/industry metrics);

10. Feedback Integration phase (rectifications, new requirements, ruggedizing for special orders);

11. Deployment phase (with customer training, static testing, and onsite and remote debugging);

12. Implementation Validation phase (QUIPS⁴ ; with training, operational testing, and debugging);

13. Maintenance and Support phase (updates, patches, customer service, technical support);

14. Customer and Industry Feedback Analysis phase (knowledgebase, data analytics, planning);

15. Re-start at phase 1, 2, or 5: (next generation solution, fully new iteration, or market re-focus).

The falls are shaped like a horseshoe because the water can fall from several places or points at once, because the phases can easily overlap, and because the constant cycle of water never stops; so nobody can peer into the resulting product whirlpool and determine from where, or when, something fell-in.

6. Innovations.

The predictable thing about change, is that it will be constant.  Whether or not you define it as progress, technology innovations will generally have knock-on effects that include additional innovations.  This is a given, as items and areas rendered obsolete will be replaced, and those that wish to resist obsolescence, will make speedy and aggressive moves to adapt to that “new normal”.  From mainframes, through PCs, laptops, smartphones, tablets, and wearable IT[40] and other solutions, innovation feeds upon itself, and knowledgeable IT personnel will always be needed to make things work, adapt, and counter-adapt with concatenating advances in miniaturization[41] and processing power spurring “chipification”[42] of ever more discrete utilities and ecosystems to enable higher functions, remote diagnostics, and interoperation.  Current and developing form factors including wearables (heartrate monitors), scannables (QR codes and RFID), flyables (drones), drivables (smart cars and next generation autopilot), and as enabled by current (Gesticuloperation – i.e. operation by voice, clap, and hand signals in the likes of Microsoft Kinect, Sony Wii, interior lighting, and otherwise by voice or eyesight recognition), or Google Glass, and future tech., will likewise still demand contributions from multifaceted IT personnel.

7. Predictive Analytics.

Big Data is here to stay, due to the proliferation of ways in which it is collected, and the depth and detail with which it is being concatenated.  Businesses will need ever-more powerful and intuitive ways to crunch and package its content, whether for ERP, CRM, or other predictive data analytics.[43]  We already see automated resume sorting, but the human eye and brain will still be needed to develop and tweak the software, perform quality checks, and deal with data input delays (illegible writing that won’t scan, jammed paper in scanner input feeds, and machine maintenance and downtime for whatever reason).

ANALYSIS:

                Rightly Forecast to Stay.

While the 2012 ICTC briefing identified 3 (“three”) specific areas of greatest need and growth potential in the prevailing IT skills shortage: Mobile Computing, Cloud Computing, and creative online content (Social Business),[44] IBM’s study of the global IT picture found a fourth: Business Analytics.[45]   Looking at the above 7 areas, Cloud computing touches (at least), 1, 5, 6, and 7; Business Analytics, touches (at least), 3, 4, 6, and 7; Mobile Computing, touches (at least), 2, 4, 6, and 5; and Social Business, touches (at most), 1 through 7.  I see no way that IT jobs or career paths can disappear any time soon.  The health of that sector may well ebb and flow, with economic growth and job prospects fluctuating back and forth; but ITs adaptability, persistence, and traction (APT), give it true staying-power as a criss-crossing, sub-factor of production supporting that new factor of production, “information” – both of which now span mere land, labor, and capital,[46] and thusly remain indispensable bedrocks of modern and future society.

                Wrongly Forecast to Go.

Similarly, regarding the 4 (“four”) specific IT roles identified for re-imagination or extinction,[47] vis-à-vis the above 7 areas: Programming; Datacenter; Data Technology; and Security.  With regard to programming, the author states that the popular or most common computer languages will change.  I agree, but the older languages will not die-out, due to the reasons I gave above.  Similarly, with regard to data technology, the author states that the new and evolving paradigms will require IT professionals who are both more multifunctional and more capable of multitasking across different cost centres in the organization (IT, data analytics, PR, R&D).  With this, I also agree, because up-skilling should be a constant when the going is good, and retraining should remain an option should the paradigm shift.

My disagreements arise with regard to the author’s predictions for IT’s datacenter functions[48] and IT’s security functions,[49] which will supposedly be forever and irretrievably changed by Unified Communications (UC) protocols, outsourced to third-parties, and otherwise surpassed or subsumed by and within the ambit of, a variety of Cloud Services Providers (CSPs).

                Datacenter, specifically.

With regard to datacenter functions, machines can still not fully administer themselves, whether it is an airliner on autopilot, a nuclear power station, the switching center of a railway system, or a conveyor belt – which is supposed to stop by itself when something clogs the mechanism, but still has an emergency stop mechanism for the occasional “human” intervention.  I think that any prediction of the demise of these jobs and functions is premature or wishful thinking at best, and ill-advised at worst.

                Security, specifically.

With regard to security functions, it is worthwhile to note that evolving data protection and privacy standards set-out by legislation, as well as industry best practices across several fields, are severely limiting the extent to which an entity can outsource the “responsibility” that it does and must hold in-house, for the ultimate security of customer or client data; especially with regard to Personally Identifiable Information (PII), including within the financial services industry, and Personal Health Information (PHI), including within the healthcare sector.  This fact, alone, will mandate the persistence of the need for in-house skill sets in “security standardization, procedures, and auditing”[50], due to the necessity of verifying: (i) that third-party providers can and do perform as promised and required by law; (ii) that breach notification is timely and properly conducted, and that third-parties are aware of their contractual and legal responsibilities, as applicable; and (iii) that loss prevention, IT, managerial, and legal personal are all on the same page with regard to ERP, outsourcing, risk mitigation, and regulatory compliance across the entire IT ecosystem – whether in-house physical, in-house virtual, outsourced (including Cloud and offshoring), BYOD, or otherwise.  This security matrix must be complete, as omitted input will lead to omitted considerations, and avoidable losses that could rise to be in the extreme.

Even the much maligned practice of offshoring can have a net benefit to the outsourcing economy by pushing those it leaves behind into higher, more skilled, and managerial roles that are needed locally.

“Outsourcing can help create opportunities that didn’t exist before,” […].  Recruiting more bodies in another country can “upskill” Canadian IT workers, boosting them into higher level managerial positions,[…].   “The jobs are slightly different than what they may have been before, but it actually is an economic addition, not necessarily a detractor from the economy and from the employment landscape.”[51]

CONCLUSION:

For the final word on this issue, I think Stephen C. Ehrman, summarized it best, when he wrote that:

“Each predictable doubling of chip power enables the development of surprising new tools for thinking, analyzing, studying, creating, and communicating in the world. Products and professions erupt, altering the content of some discipline, creating new fields, and compelling new forms of interdisciplinary collaboration in the wider world. The level of education required for many jobs is increasing as well. So technological change in the wider world both increases the number of people who need an education and changes what it is they need to learn as well.”[52]

I think that should do it!

************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in New York, New Jersey, and Washington, D.C.  Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour and micro-organizational behaviour, and a Certificate in Field Security from the United Nations Department of Safety and Security (UNDSS), in New York, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law & Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.

---

[1] Kerry Doyle, MBA.  IT Roles Facing Extinction.  Published on globalknowledge.com by Global Knowledge Training LLC, 2012.  Online: >http://images.globalknowledge.com/wwwimages/pdfs/SR_IT_Roles_Facing_Extinction.pdf<

[2] Patrick Gray.  HP and BlackBerry abandon in-house tablet ecosystems.  Published in “Tablets in the Enterprise”, on techrepublic.com, May 24, 2013.  Online: >http://www.techrepublic.com/blog/tablets/hp-and-blackberry-abandon-in-house-tablet-ecosystems/3428?tag=nl.e101&s_cid=e101&ttag=e101<

[3] Tribute to the late Professor Albert Chinualumogu (Chinua) Achebe, (1930-2013), author of the timeless classic “Things Fall Apart” (first published in A.D. 1958).

[4] A sometimes heated debate persists on whether or not the United States is currently experiencing a skills shortage in graduates of Science, Technology, Engineering and Mathematics (STEM).  See e.g. (severe shortage exists): Society for Human Resource Management (SHRM).  The Ongoing Impact of the Recession – Recruiting and Skills Gap.  Published on shrm.org, March 12, 2013.  Online: >http://www.shrm.org/Research/SurveyFindings/Articles/Pages/SHRM-Recession-Recruiting-Skill-Gaps-Technology.aspx<; see contra (no shortage found): Economic Policy Institute (EPI).Hal Salzman, Daniel Kuehn, and B. Lindsay Lowell.  Guestworkers in the high-skill U.S. labor market: An analysis of supply, employment, and wage trends.  Published in “Immigration”, on epi.org, April 24, 2013.  Online:

>http://www.epi.org/publication/bp359-guestworkers-high-skill-labor-market-analysis/<

[5] In Canada, however, the skills shortage issue appears better settled – it exists!  See e.g. Namir Anani, President and CEO of the Information and Communications Technology Council (ICTC).  Briefing – HUMA – Fixing The Skills Gap and Understanding the Labour Shortages, at page 2.  Mr. Anani delivered this briefing in Ottawa, Canada, on April 4, 2012, before the Parliamentary Standing Committee on Human Resources, Skills and Social Development and the Status of Persons with Disabilities.  Published on ictc-ctic.ca.  Online: >http://www.ictc-ctic.ca/wp-content/uploads/2012/06/ICTC_HUMAPresentation_EN_04-12.pdf<

[6] Joe McKendrick.  Almost 1.7 Million Cloud-Related Jobs Went Unfilled in 2012: Estimate.  Published in “Tech”, on forbes.com, December 21, 2012.  Online: >http://www.forbes.com/sites/joemckendrick/2012/12/21/almost-1-7-million-cloud-related-jobs-went-unfilled-in-2012-estimate/<

[7] National Institute of Standards and Technology (NIST).  NIST Cloud Computing Program.  Online: >http://www.nist.gov/itl/cloud/index.cfm<

[8] PCI Security Standards Council: Cloud Special interest Group.  PCI Data Security Standard (PCI DSS), Version 2.0 – Information Supplement: PCI DSS Cloud Computing Guidelines, at 4.  Released March, 2013.  Online: >https://www.pcisecuritystandards.org/documents/information_supplement_11.3.pdf< Software as a Service (SaaS), is there defined by PCI SSC as: “[c]apability for clients to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser, or a program interface”.  See also Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 1.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< SaaS offerings generally include tools for processing, analysis, accounting, CRM, and back-office functions, as delivered on a “pay by use or increment” basis.

[9] Michael Hafner, Mukhtiar Memon, and Ruth Breu.  SeAAS – A Reference Architecture for Security Services in SOA.  Published 1.9.09 in the Journal of Universal Computer Science (JUCS), vol. 15, no. 15 (2009), 2916-2936, at 2924. Online: >http://www.jucs.org/jucs_15_15/seaas_a_reference_architecture/jucs_15_15_2916_2936_hafner.pdf<

Security as a Service (SecaaS), is there defined by the authors, as:

“[…] the delivery of security functionality over infrastructure components in a service-oriented manner. For SOA, this means that security services are accessed through common Web services technologies and standards”.

As stated in that publication, SecaaS offerings generally encompasses services for: authentication, authorization, security compliance, security interoperability, cryptography and message processing, protocol-based security, and security monitoring and auditing.

[10] PCI Security Standards Council: Cloud Special interest Group.  PCI Data Security Standard (PCI DSS), Version 2.0 – Information Supplement: PCI DSS Cloud Computing Guidelines, at 4.  Released March, 2013.  Online: >https://www.pcisecuritystandards.org/documents/information_supplement_11.3.pdf< Platform as a Service (PaaS), is there defined by PCI SSC as: “[c]apability for clients to deploy their applications (created or acquired) onto the cloud infrastructure, using programming languages, libraries, services, and tools supported by the provider”.  See also Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 2.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< PaaS offerings generally include tools for email, online backup, or desktops on demand, as well as middleware and raw development platforms.

[11] PCI Security Standards Council: Cloud Special interest Group.  PCI Data Security Standard (PCI DSS), Version 2.0 – Information Supplement: PCI DSS Cloud Computing Guidelines, at 4.  Released March, 2013.  Online: >https://www.pcisecuritystandards.org/documents/information_supplement_11.3.pdf<  Infrastructure as a Service (IaaS), is there defined by PCI SSC as: “[c]apability for clients to utilize the provider’s processing, storage, networks, and other fundamental computing resources to deploy and run operating systems, applications and other software on a cloud infrastructure”.  See also Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 3.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< IaaS offerings generally include tools for collaboration, integration, and visualization, in scalable storage and server capacity on demand.

[12] Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 4.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/<  Network as a Service (NaaS), generally includes advanced virtualization tools such as bandwidth-on-demand for multiple VPNs-on-demand, and for cloud-to-cloud networking on-demand.

[13] Data as a Service (DaaS), generally includes the hosting and delivery-on-call of data that is both form factor independent and software independent, as its storage (static) and delivery (formatted) states will differ, and the data will only be transformed from one to the other as and when needed, and as optimized to form factor or use.  Increasing data analytics and in-house ownership of the crunched result, will spur growth in this DaaS (author).

[14] Migration as a Service (MaaS), refers to the transmission or translocation of clientele (users of blogs, wikis, chats, or other collaborative portals), data and databases (documents, files, spreadsheets and folders), capital operations and office suites (applications, business processes, or operating systems from version to version, or from server to server on premise), or services (emails and VOIP/voicemails); whether from one platform or service provider, to another (on-premise to cloud transforming capital expenditures to operating expenses, or cloud to cloud).  This can be done on a self-serve basis, or through a vendor.  The volume of data that many companies now command otherwise makes migrations quite expensive, and implies that MaaS will remain a growth area (author).

[15] Christine Burns, Network World.  Cloud careers: It’s a seller’s market.  Published on networkworld.com, October 8, 2012.  Online: >http://www.networkworld.com/supp/2012/enterprise5/100812-ecs-cloud-careers-262741.html<

[16] Id.

[17] Joe McKendrick.  Almost 1.7 Million Cloud-Related Jobs Went Unfilled in 2012: Estimate.  Published in “Tech”, on forbes.com, December 21, 2012.  Online: >http://www.forbes.com/sites/joemckendrick/2012/12/21/almost-1-7-million-cloud-related-jobs-went-unfilled-in-2012-estimate/<

[18] See Ekundayo George.  Ctrl-Shift-Del: 2013’s Top 5 Technology Trends for Consumers.  Published on ogalaws.wordpress.com, March 16, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/16/ctrl-shift-del-2013s-top-5-technology-trends-for-consumers/<

[19] Id.

[20] See e.g. Ekundayo George.  Social Media Policies: Why have them, and what should they cover?  Published on ogalaws.wordpress.com, May 29, 2013.  Online: >https://ogalaws.wordpress.com/2013/05/29/social-media-policies-why-have-them-and-what-should-they-cover/<

[21] I see these enabling, at the very least: (i) ”eNUB“ (email, number, and URL banking); and (ii) “Work-Shifting”.

(i) eNUB will be the response of entities and employers to salesforce BYOD, now better able to take existing contacts, prospects, vendors, and sales peers with them, due to all knowing that contact number by heart.  Hence, even if that person’s entire eRolodex gets remote-wiped, they can still be reached by their now “good old friends”. So, with growing number portability and VOIP, employers will own and manage banks of mobile contact numbers (in addition to the URLs and emails they already tag-onto/under domain names), to prevent salesforce lead-bleed.

(ii) The growing ability, through advancing mobile device management (MDM) technologies to stop and start the delivery of emails, and to route and unroute calls to BYOD-enabled workers so that they are not troubled (into working costly overtime), outside the standard workday, will enable employers to more easily juggle the workflow between permanent and contract employees in different time-zones through disclosed/undisclosed jobsharing arrangements. Hence, less downtime in a new, cloud-enabled world of work-shifting, as opposed to shift-work.

See Tom Kaneshige, CIO.  Which Workers Are the Best Fit for BYOD?  Published on cio.com, May 14, 2013.  Online: >http://www.cio.com/article/733399/Which_Workers_Are_the_Best_Fit_for_BYOD_?taxonomyId=600007<

[22] IDC.  Quantitative Estimates of the Demand for Cloud Computing in Europe and the Likely Barriers to Up-take. SMART 2011/0045.  D4 – Final Report, at 30.  Published on ec.europa.eu, July 13, 2012.  Online: >http://ec.europa.eu/information_society/activities/cloudcomputing/docs/quantitative_estimates.pdf<

[23] Id. at 9.

[24] Id. at 9.

[25] Marianne Kolding.  IDC White Paper.  Adoption of Cloud: Private Cloud is Current Flavour but Hybrid Cloud is Fast Becoming a Reality, at 1-2.  Published on Infosys.com, September, 2012.  Online: >http://www.infosys.com/cloud/features-opinions/Documents/hybrid-cloud-becoming-reality.pdf<

[26] Id. at 2.

[27] Id. at 3.

[28] Peter Brown and Leonard T. Nuara, Co-chairs.  Cloud Computing 2011: Cut Through the Fluff & Tackle the Critical Stuff.  Intellectual Property Course Handbook Series.  Number G-1055, at 49.  Published in 2011 by the Practicing Law Institute, New York (PLI).

[29] TechRepublic.  Executive’s Guide to Best practices in SAAS and the Cloud, at 14.  Published in “Whitepapers”, on ZDNet.com, March 2013.  Online: >http://www.zdnet.com/executive-guide-to-best-practices-in-saas-and-the-cloud-free-ebook-7000012032/< The author quotes Charles King, principal analyst at Pund-IT.

[30] World Economic Forum and INSEAD.  The Global Information Technology Report 2013: Growth and Jobs in a Hyperconnected World.  Foreword by Cesare Mainardi, Chief Executive Officer, Booz and Company, at vii.  Published on weforum.org, 2013.  Online: >http://www3.weforum.org/docs/WEF_GITR_Report_2013.pdf<

The author takes care to point-out that while digitization brings benefits in both productivity and employment growth, there “may well come” a point of disequilibrium.  Similarly, there is a delicate balance to be found for the 3 (“three”) roles on the input matrix, being the roles of financier, facilitator, and direct developer.  Where and when the ratio is off, the national cake will not rise to meet the demand, or otherwise respond on command.

[31] See e.g. Guarav Kumar, Ph.D., Assistant Professor, Department of Computer Applications, Chitkara University, Rajpura, Punjab.  Career Guide: Career in Mobile Computing and Wireless Technology.  Published in Employment News Weekly, 25 May – 31 May, 2013, issue (No. 08), on employmentnews.gov.in.  Online: >http://www.employmentnews.gov.in/career_in_mobile.asp< This article and the sheer diversity of the career streams here listed provide a very clear idea of just how vast the mobile field now is, and promises to become.

[32] See e.g. Kara Swisher.  “Physically Together”: Here’s the Internal Yahoo No-Work-From-Home Memo for Remote Workers and Maybe More.  Published on allthingsd.com, February 22, 2013.  Online: >http://allthingsd.com/20130222/physically-together-heres-the-internal-yahoo-no-work-from-home-memo-which-extends-beyond-remote-workers/<

[33] American Society for Quality (ASQ).  Continuous Improvement.  Published on asq.org, at Continuous Improvement Model – Learning Resources.  Online: >http://asq.org/learn-about-quality/continuous-improvement/overview/overview.html<

[34] Id.

[35] Jonathan Huebner, Ph.D.  A possible declining trend for worldwide innovation.  Published 2005, in Technological Forecasting & Social Change 72 (2005) 980-986, at 981, on sciencedirect.com.  Online: > http://accelerating.org/articles/InnovationHuebnerTFSC2005.pdf<

 

“There is a general consensus that technology is advancing exponentially, and that this advance will continue into the distant future. The basic assumption behind this view is that either there is no limit to technological advance, or if there is a limit, then we are far from reaching it.”

[36] See Infra, note 41.

[37] Visa.  The Future of Technology and Payments report: More of the Same (2^nd edition, printable version), at pp. 10-11.  Published by Visa, on visaeurope.com, April 24, 2013.  Online: >http://www.visaeurope.com/en/about_us/industry_insights/tech_trends.aspx<

“We therefore expect to see the progressive deployment of so-called Microelectromechanical systems (MEMs).  These minute devices, generally smaller than a square-millimetre, typically comprise of a microprocessor plus a sensor or actuator. Already, they are common components within consumer devices acting, for example, as accelerometers or gyroscopes. (…)”.

 

“For the future, the use of MEMs seems destined to become more widespread. More exotic sensors will become available (capable, for example, or checking blood pressure or glucose levels). Their proliferation could therefore enable the so-called “internet of things” (…). And, in the coming years, IBM holds out the prospect of a trillion connected d devices (…) – that equates to one hundred smart objects for every person on our planet”.

[38] Megan M. Kearney, Esq.  Faster Than the Speed of Law: Technological Advancements Generate a Host of Novel Legal Concerns.  Originally published in The Philadelphia Lawyer, Winter 2011, “Intellectual property law”, pepperlaw.com.  Online: >http://www.pepperlaw.com/pdfs/PhilaLawyer_Kearney.pdf<

[39] See e.g. Lucas Mearian, Computerworld.  The Time is Right for an ‘IT Petting Zoo’.  Published on cio.com, June 5, 2013.  Online: >http://www.cio.com/article/734452/The_Time_is_Right_for_an_IT_Petting_Zoo_?taxonomyId=600007<

[40] Canadian Manufacturing Daily Staff.  Ontario firm gets federal funding for wearable lithium-ion pack.  Published on canadianmanufacturing.com, April 23, 2013.  Online: >http://www.canadianmanufacturing.com/general/ontario-firm-gets-federal-funding-for-wearable-lithium-ion-pack-101574<

[41] Fundación de la Innovación, Bankinter, and Accenture.  Future Trends Forum (FTF) Series, Number 15: The Internet of Things – In a Connected World of Smart Objects.  Chapter 3, at page 37.  Published on fundacionbankinter.org, in 2011.  Online: >http://www.fundacionbankinter.org/system/documents/8189/original/XV_FTF_Interneto_of_things.pdf< 

 

“More than half a century on from the days of mainframe computers that took up whole rooms, components are becoming smaller and smaller, enabling faster and more powerful computers to be developed. This physical layer occupies less space, making it easier to connect practically anything, anywhere, anytime. What we are seeing is the phenomenon of miniaturization”.

 

[42] Supra note 37.

[43] Toni Bowers.  IT needs to understand the move from BI to data analytics.  Published in “Tech Decision Maker”, on techrepublic.com, May 28, 2013.  Online: >http://www.techrepublic.com/blog/tech-manager/it-needs-to-understand-the-move-from-bi-to-data-analytics/8277?tag=nl.e099&s_cid=e099&ttag=e099<

[44] Namir Anani, President and CEO of the Information and Communications Technology Council (ICTC).  Briefing – HUMA – Fixing The Skills Gap and Understanding the Labour Shortages.  Mr. Anani delivered this briefing in Ottawa, Canada, on April 4, 2012, before the Parliamentary Standing Committee on Human Resources, Skills and Social Development and the Status of Persons with Disabilities.  Published on ictc-ctic.ca.  Online: >http://www.ictc-ctic.ca/wp-content/uploads/2012/06/ICTC_HUMAPresentation_EN_04-12.pdf<

[45] See IBM.  Fast Track to the Future: The 2012 IBM Tech Trends Report.  Published by the IBM Center for Applied Insights, on ibm.com, December, 2012.  Online: >https://www.ibm.com/developerworks/community/blogs/techtrends/?lang=en<

[46] Supra note 41, at 18.  “Just as in an agricultural economy, the factors of production were land and labor, and in an industrial economy they were capital and labor, information has become the production factor of the twenty-first century”.

[47] Kerry Doyle, MBA.  IT Roles Facing Extinction.  Published globalknowledge.com, by Global Knowledge Training LLC, 2012.  Online: >http://images.globalknowledge.com/wwwimages/pdfs/SR_IT_Roles_Facing_Extinction.pdf<

[48] Id. at 3.  “Gone are the service technicians responsible for rewiring and maintenance.  UC makes those skills unnecessary.  In the future, one or two systems analysts will centrally handle communication implementation and flow from within the datacenter”.

[49] Id. at 4.  “Within organizations, gone are the traditional back-up and recovery skill sets which will be relegated to third-party providers”. (…)  “Gone are the technicians who relied on security standardization, procedures, and auditing”.

[50] Id. at 4.

[51] Brian Bloom.  IDC: Offshoring IT keeps Canadian firms competitive.  Published for Computing Canada in itworldcanada.com, June 14, 2012. The quotation is from Jason Trussell, senior vice-president and Canadian regional manager at iGate Inc.  Online: >http://www.itworldcanada.com/news/idc-offshoring-it-keeps-canadian-firms-competitive/145611<

[52] Stephen C. Ehrman, Ph.D.  Technology and Revolution in Education: Ending the Cycle of Failure.  Published in Liberal Education, Fall (2000) 40-49, at “Double Double Toil and Trouble: Moore’s Law”.  This penultimate draft of the final article is available through The TLT Group (Teaching, Learning, and Technology), on tltgroup.org.  Online: >http://www.tltgroup.org/resources/V_Cycle_of_Failure.html