US Warns of New Hacking From China-Linked Group

The U.S. government warned Wednesday that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.

The Department of Homeland issued a technical alert for cloudhopper, which it said was engaged in cyber espionage and theft of intellectual property, after experts with two prominent U.S. cybersecurity companies warned earlier this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.

Chinese authorities have repeatedly denied claims by Western cybersecurity firms that it supports hacking.

Homeland Security

Homeland Security released the information to support U.S. companies in responding to attacks by the group, which is targeting information technology, energy, health care, communications and manufacturing firms.

“These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat,” DHS official Christopher Krebs said in a statement.

The reported increase in Chinese hacking follows what cybersecurity firms have described as a lull in such attacks prompted by a 2015 agreement between Chinese President Xi Jinping and former U.S. President Barrack Obama to curb cyber-enabled economic theft.

“I can tell you now unfortunately the Chinese are back,” Dmitri Alperovitch, chief technology officer of U.S. cybersecurity firm CrowdStrike, said Tuesday at a security conference in Washington.

“We’ve seen a huge pickup in activity over the past year and a half. Nowadays they are the most predominant threat actors we see threatening institutions all over this country and Western Europe,” he said.

Analysts with FireEye, another U.S. cybersecurity firm, said that some of the Chinese hacking groups it tracks have become more active in recent months.

Advice to US firms

Wednesday’s alert provided advice on how U.S. firms can prevent, identify and remediate attacks by cloudhopper, which is also known as Red Leaves and APT10.

The hacking group has largely targeted firms known as managed service providers, which supply telecommunications, technology and other services to business around the globe.

Managed service providers, or MSPs, are attractive targets because their networks provide routes for hackers to access sensitive systems of their many clients, said Ben Read, a senior intelligence manager with FireEye.

“We’ve seen this group route malware through an MSP network to other targets,” Read said.

North Korea Said to Have Stolen a Fortune in Online Bank Heists

North Korea’s nuclear and missile tests have stopped, but its hacking operations to gather intelligence and raise funds for the sanction-strapped government in Pyongyang may be gathering steam.

U.S. security firm FireEye raised the alarm Wednesday over a North Korean group that it says has stolen hundreds of millions of dollars by infiltrating the computer systems of banks around the world since 2014 through highly sophisticated and destructive attacks that have spanned at least 11 countries. It says the group is still operating and poses “an active global threat.”

It is part of a wider pattern of malicious state-backed cyber activity that has led the Trump administration to identify North Korea — along with Russia, Iran and China — as one of the main online threats facing the United States. Last month, the Justice Department charged a North Korean hacker said to have conspired in devastating cyberattacks, including an $81 million heist of Bangladesh’s central bank and the WannaCry virus that crippled parts of Britain’s National Health Service.

DHS offers warning

On Tuesday, the U.S. Department of Homeland Security warned of the use of malware by Hidden Cobra, the U.S. government’s byword for North Korea hackers, in fraudulent ATM cash withdrawals from banks in Asia and Africa. It said that Hidden Cobra was behind the theft of tens of millions of dollars from teller machines in the past two years. In one incident this year, cash had been simultaneously withdrawn from ATMs in 23 different countries, it said.

North Korea, which prohibits access to the world wide web for virtually all of its people, has previously denied involvement in cyberattacks, and attribution for such attacks is rarely made with absolute certainty. It is typically based on technical indicators such as the Internet Protocol, or IP, addresses that identify computers and characteristics of the coding used in malware, which is the software a hacker may use to damage or disable computers.

But other cybersecurity experts tell The Associated Press that they also see continued signs that North Korea’s authoritarian government, which has a long track record of criminality to raise cash, is conducting malign activity online. That activity includes targeting of financial institutions and crypto-currency-related organizations, as well as spying on its adversaries, despite the easing of tensions between Pyongyang and Washington.

“The reality is they are starved for cash and are continuing to try and generate revenue, at least until sanctions are diminished,” said Adam Meyers, vice president of intelligence at CrowdStrike. “At the same time, they won’t abate in intelligence collection operations, as they continue to negotiate and test the international community’s resolve and test what the boundaries are.”

North Korea attacks continue

CrowdStrike says it has detected continuing North Korean cyber intrusions in the past two months, including the use of a known malware against a potentially broad set of targets in South Korea, and a new variant of malware against users of mobile devices that use a Linux-based operating system.

This activity has been taking place against the backdrop of a dramatic diplomatic shift as Kim Jong Un has opened up to the world. He has held summits with South Korean President Moon Jae-in and with President Donald Trump, who hopes to persuade Kim to relinquish the nuclear weapons that pose a potential threat to the U.S. homeland. Tensions on the divided Korean Peninsula have dropped and fears of war with the U.S. have ebbed. Trump this weekend will dispatch his top diplomat, Mike Pompeo, to Pyongyang for the fourth time this year to make progress on denuclearization.

But North Korea has yet to take concrete steps to give up its nuclear arsenal, so there’s been no let-up in sanctions that have been imposed to deprive it of fuel and revenue for its weapons programs, and to block it from bulk cash transfers and accessing to the international banking system.

FireEye says APT38, the name it gives to the hacking group dedicated to bank theft, has emerged and stepped up its operations since February 2014 as the economic vise on North Korea has tightened in response to its nuclear and missile tests. Initial operations targeted financial institutions in Southeast Asia, where North Korea had experience in money laundering, but then expanded into other regions such as Latin America and Africa, and then extended to Europe and North America.

In all, FireEye says APT38 has attempted to steal $1.1 billion, and based on the data it can confirm, has gotten away with hundreds of millions in dollars. It has used malware to insert fraudulent transactions in the Society for Worldwide Interbank Financial Telecommunication or SWIFT system that is used to transfer money between banks. Its biggest heist to date was $81 million stolen from the central bank of Bangladesh in February 2016. The funds were wired to bank accounts established with fake identities in the Philippines. After the funds were withdrawn they were suspected to have been laundered in casinos.

Cyber attacks an alternative 

The Foundation for Defense of Democracies, a Washington think tank, said in a report Wednesday that North Korea’s cyber capabilities provide an alternative means for challenging its adversaries. While Kim’s hereditary regime appears to prioritize currency generation, attacks using the SWIFT system raise concerns that North Korean hackers “may become more proficient at manipulating the data and systems that undergird the global financial system,” it says.

Sandra Joyce, FireEye’s head of global intelligence, said that while APT38 is a criminal operation, it leverages the skills and technology of a state-backed espionage campaign, allowing it to infiltrate multiple banks at once and figure how to extract funds. On average, it dwells in a bank’s computer network for 155 days to learn about its systems before it tries to steal anything. And when it finally pounces, it uses aggressive malware to wreak havoc and cover its tracks.

“We see this as a consistent effort, before, during and after any diplomatic efforts by the United States and the international community,” said Joyce, describing North Korea as being “undeterred” and urging the U.S. government to provide more specific threat information to financial institutions about APT38’s modus operandi. APT stands for Advanced Persistent Threat.

Large Chile bank hacked

The Silicon Valley-based company says it is aware of continuing, suspected APT38 operations against other banks. The most recent attack it is publicly attributing to APT38 was against of Chile’s biggest commercial banks, Banco de Chile, in May this year. The bank has said a hacking operation robbed it of $10 million.

FireEye, which is staffed with a roster of former military and law-enforcement cyberexperts, conducted malware analysis for a criminal indictment by the Justice Department last month against Park Jin Hyok, the first time a hacker said to be from North Korea has faced U.S. criminal charges. He’s accused of conspiring in a number of devastating cyberattacks: the Bangladesh heist and other attempts to steal more than $1 billion from financial institutions around the world; the 2014 breach of Sony Pictures Entertainment; and the WannaCry ransomware virus that in 2017 infected computers in 150 countries. 

Meet Farmers of  Future: Robot

Brandon Alexander would like to introduce you to Angus, the farmer of the future. He’s heavyset, weighing in at nearly 1,000 pounds, not to mention a bit slow. But he’s strong enough to hoist 800-pound pallets of maturing vegetables and can move them from place to place on his own.

Sure, Angus is a robot. But don’t hold that against him, even if he looks more like a large tanning bed than C-3PO.

To Alexander, Angus and other robots are key to a new wave of local agriculture that aims to raise lettuce, basil and other produce in metropolitan areas while conserving water and sidestepping the high costs of human labor. It’s a big challenge, and some earlier efforts have flopped. Even Google’s “moonshot” laboratory, known as X, couldn’t figure out how to make the economics work.

After raising $6 million and tinkering with autonomous robots for two years, Alexander’s startup Iron Ox says it’s ready to start delivering crops of its robotically grown vegetables to people’s salad bowls. “And they are going to be the best salads you ever tasted,” says the 33-year-old Alexander, a one-time Oklahoma farmboy turned Google engineer turned startup CEO.

Iron Ox planted its first robot farm in an 8,000-square-foot warehouse in San Carlos, California, a suburb located 25 miles south of San Francisco. Although no deals have been struck yet, Alexander says Iron Ox has been talking to San Francisco Bay area restaurants interested in buying its leafy vegetables and expects to begin selling to supermarkets next year.

The San Carlos warehouse is only a proving ground for Iron Ox’s long-term goals. It plans to set up robot farms in greenhouses that will rely mostly on natural sunlight instead of high-powered indoor lighting that sucks up expensive electricity. Initially, though, the company will sell its produce at a loss in order to remain competitive.

During the next few years, Iron Ox wants to open robot farms near metropolitan areas across the U.S. to serve up fresher produce to restaurants and supermarkets. Most of the vegetables and fruit consumed in the U.S. is grown in California, Arizona, Mexico and other nations. That means many people in U.S. cities are eating lettuce that’s nearly a week old by the time it’s delivered.

There are bigger stakes as well. The world’s population is expected to swell to 10 billion by 2050 from about 7.5 billion now, making it important to find ways to feed more people without further environmental impact, according to a report from the World Resources Institute.

Iron Ox, Alexander reasons, can be part of the solution if its system can make the leap from its small, laboratory-like setting to much larger greenhouses.

The startup relies on a hydroponic system that conserves water and automation in place of humans who seem increasingly less interested in U.S. farming jobs that pay an average of $13.32 per hour, according to the U.S. Department of Agriculture. Nearly half of U.S. farmworkers planting and picking crops aren’t in the U.S. legally, based on a survey by the U.S. Department of Labor.

The heavy lifting on Iron Ox’s indoor farm is done by Angus, which rolls about the indoor farm on omnidirectional wheels. Its main job is to shuttle maturing produce to another, as-yet unnamed robot, which transfers plants from smaller growing pods to larger ones, using a mechanical arm whose joints are lubricated with “food-safe” grease.

It’s a tedious process to gently pick up each of the roughly 250 plants on each pallet and transfer them to their bigger pods, but the robot doesn’t seem to mind the work. Iron Ox still relies on people to clip its vegetables when they are ready for harvest, but Alexander says it is working on another robot that will eventually handle that job too.

Alexander formerly worked on robotics at Google X, but worked on drones, not indoor farms. While there, he met Jon Binney, Iron Ox’s co-founder and chief technology offer. The two men became friends and began to brainstorm about ways they might be able to use their engineering skills for the greater good.

“If we can feed people using robots, what could be more impactful than that?” Alexander says.

 

                 

Irish Regulator Opens Facebook Data Breach Investigation

Ireland’s data regulator has launched an investigation of Facebook over a recent data breach that allowed hackers access 50 million accounts which could potentially cost Facebook more than $1.6 billion in fines.

The Irish Data Protection Commission said Wednesday that it will look into whether the U.S. social media company complied with European regulations that went into effect earlier this year covering data protection.

It’s the latest headache for Facebook in Europe, where authorities are turning up the heat on dominant tech firms over data protection. Last month, European Union consumer protection chief Vera Jourova said that she was growing impatient with Facebook for being too slow in clarifying the fine print in its terms of service covering what happens to user data and warned that the company could face sanctions.

The commission said in a statement that it would examine whether Facebook put in place “appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes.”

The commission said earlier this week the number of EU accounts potentially affected numbered less than 5 million.

Ireland, which is Facebook’s lead privacy regulator for Europe, is moving swiftly to investigate the U.S. tech company since the breach became public on Friday.

Facebook said Friday attackers gained the ability to “seize control” of user accounts by stealing digital keys the company uses to keep users logged in. They could do so by exploiting three distinct bugs in Facebook’s code.

The company said it has fixed the bugs and logged out the 50 million breached users — plus another 40 million who were vulnerable to the attack — in order to reset those digital keys. Facebook said it doesn’t know who was behind the attacks or where they’re based. Neither passwords nor credit card data was stolen. At the time, the company said it alerted the FBI and regulators in the U.S. and Europe.

Facebook on Wednesday didn’t immediately return a request for comment.

Facebook has faced a tumultuous year of security problems and privacy issues . News broke early this year that a data analytics firm once employed by the Trump campaign, Cambridge Analytica, had improperly gained access to personal data from millions of user profiles. Then a congressional investigation found that agents from Russia and other countries have been posting fake political ads since at least 2016. In April, Zuckerberg appeared at a congressional hearing focused on Facebook’s privacy practices.

The European Union implemented stronger data and privacy rules, known as General Data Protection Regulation, in May.

The case could prove to be the first major test of GDPR. Under the new rules, companies could be hit with fines equal to 4 percent of annual global turnover for the most serious violations. In Facebook’s case, that could amount to more than $1.6 billion based on its 2017 revenues.

The new rules also require companies to disclose any breaches within 72 hours. The commission said Facebook informed it that its internal investigation is continuing and that it is taking actions to “mitigate the potential risk to users.”

Child Advocates File FTC Complaint Against Facebook Kids’ App

Children’s and public health advocacy groups say Facebook’s kid-centric messaging app violates federal law by collecting kids’ personal information without getting verifiable consent from their parents.

The Campaign for a Commercial-Free Childhood and other groups asked the Federal Trade Commission on Wednesday to investigate Facebook’s Messenger Kids for violating the Children’s Online Privacy Protection Act, or COPPA.

The complaint says the app does not meet COPPA requirements because it doesn’t try to ensure that the person who sets up the kids’ account and gives consent to have their data collected is the actual parent. In fact, the groups say, someone could set up a brand new, fictional account and immediately approve a kid’s account without proving their age or identity.

Facebook said Wednesday it hasn’t yet reviewed the complaint letter. The company has said it doesn’t show ads on Messenger Kids or collect data for marketing purposes, though it does collect some data it says is necessary to run the service.

But the advocacy groups say the privacy policy of Messenger Kids is “incomplete and vague” and allows Facebook to disclose data to third parties and other Facebook services “for broad, undefined business purposes.”

Facebook launched Messenger Kids last December on iOS and has since expanded to Android and Amazon devices and beyond the U.S. to Mexico, Canada and elsewhere. It is aimed at children under 13 who technically cannot have Facebook accounts (although plenty of them do).

Though the company says it has received a lot of input from parents and children’s development experts in creating the app, groups such as the CCFC have been trying to get Messenger Kids shut down since it launched.

Trump to Meet With Google CEO, Other Tech Heads in October

U.S. President Donald Trump plans to meet with Google CEO Sundar Pichai and other tech executives this month at a social media summit.

White House economic adviser Larry Kudlow said Tuesday that the administration hoped Facebook and Twitter would send representatives to the meeting. Kudlow added the event would most likely happen in mid-October, though no date has been set.

Prominent conservatives, including the president, have accused Facebook, Google and Twitter of silencing right-leaning voices on their platforms, a suspected practice called “shadow banning.”

Kudlow had a meeting with Pichai last Friday, which he described as “great.”

Pichai drew flack from senators last month after failing to send an executive to a hearing, and he has agreed appear at another.

Google’s First Urban Development Raises Data Concerns

Heated streets will melt ice and snow on contact. Sensors will monitor traffic and protect pedestrians. Driverless shuttles will carry people to their doors.

A unit of Google’s parent company Alphabet is proposing to turn a rundown part of Toronto’s waterfront into what may be the most wired community in history — to “fundamentally refine what urban life can be.”

 

Sidewalk Labs has partnered with a government agency known as Waterfront Toronto with plans to erect mid-rise apartments, offices, shops and a school on a 12-acre (4.9-hectare) site — a first step toward what it hopes will eventually be a 800-acre (325-hectare) development.

 

High-level interest is clear: Prime Minister Justin Trudeau and Alphabet’s then-Executive Chairman Eric Schmidt appeared together to announce the plan in October.

 

But some Canadians are rethinking the privacy implications of giving one of the most data-hungry companies on the planet the means to wire up everything from street lights to pavement. And some want the public to get a cut of the revenue from products developed using Canada’s largest city as an urban laboratory.

 

“The Waterfront Toronto executives and board are too dumb to realize they are getting played,” said former BlackBerry chief executive Jim Balsillie, a smartphone pioneer considered a national hero.

 

Complaints about the proposed development prompted Waterfront Toronto to re-do the agreement to ensure a greater role for the official agency, which represents city, provincial and federal governments.

 

So far the project is still in the embryonic stage. After consultations, the developers plan to present a formal master plan early next year.

 

Dan Doctoroff, the CEO of Sidewalk Labs, envisions features like pavement that lights up to warn pedestrians of approaching streetcars. Flexible heated enclosures — described as “raincoats” for buildings — will be deployed based on weather data during Toronto’s bitter winters. Robotic waste-sorting systems will detect when a garbage bin is full and remove it before raccoons descend.

 

“Those are great uses of data that can improve the quality of life of people,” he said. “That’s what we want to do.”

 

Sidewalk Labs promotional materials promise “a place that’s enhanced by digital technology and data, without giving up the privacy and security that everyone deserves.”

 

Doctoroff said the company isn’t looking to monetize people’s personal information in the way that Google does now with search information. He said the plan is to invent so-far-undefined products and services that Sidewalk Labs can market elsewhere.

 

“People automatically assume because of our relationship to Alphabet and Google that they will be treated one way or another. We have never said anything” about the data issue, he said. “To be honest people should give us some time. Be patient.”

 

But that wasn’t good enough for Julie Di Lorenzo, a prominent Toronto developer who resigned from the Waterfront Toronto board over the project. Di Lorenzo said data and what Google wants to do with it should be front and center in the discussions. She also believes the government agency has given the Google affiliate too much power over how the project develops.

 

“How can [Waterfront Toronto], a corporation established by three levels of democratically elected government, have shared values with a limited, for-profit company whose premise is embedded data collection?” Di Lorenzo asked.

 

Di Lorenzo asks who will own the autonomous vehicles. “Is the municipality maintaining the fleet or forcing you to share your vehicle?” She also asks if people who don’t want their data collected will be allowed to live there.

 

The concerns have intensified following a series of privacy scandals at Facebook and Google. A recent Associated Press investigation found that many Google services on iPhones and Android devices store location-tracking data even if you use privacy settings that are supposed to turn them off.

 

“It gives all of us pause,” Waterfront board chair Helen Burstyn acknowledged.

 

Bianca Wylie, an advocate of open government, said it remains deeply troubling that Sidewalk Labs still hasn’t said who will own data produced by the project or how it will be monetized. Google is here to make money, she said, and Canadians should benefit from any data or products developed from it.

 

“We are not here to be someone’s research and development lab,” she said, “to be a loss leader for products they want to sell globally.”

 

Ottawa patent lawyer Natalie Raffoul said the fact that the current agreement leaves ownership of data issues for later shows that it wasn’t properly drafted and means patents derived from the data will default to Google.

 

“We just can’t be too trusting of corporations,” she said.

 

But Burstyn, the Waterfront Toronto chair, said the upcoming master plan will address data concerns. The agency wants to make Toronto a global hub of a rising new industry, she said.

 

“Everybody gets worried about the digital and technology aspects that might run amok,” she said. “I don’t worry about that as much as I see the opportunities for developing a really interesting, innovative community.”

 

Adam Vaughan, the federal lawmaker whose district includes the development, said debate about big data and urban infrastructure is coming to cities across the world and he would rather have Toronto at the forefront of discussion.

 

“Google is ahead of governments globally and locally. That’s a cause for concern but it’s also an opportunity,” Vaughan said.

EU Warns Facebook Not to Lose Control of Data Security

The EU’s top data privacy enforcer expressed worry Tuesday that Facebook had lost control of data security after a vast privacy breach that she said affected five million Europeans.

“It is a question for the management, if they have things under control,”  EU Justice and Consumer Affairs Commissioner Vera Jourova told AFP in Luxembourg.

“The magnitude of the company … makes it very difficult to manage, but they have to do that because they are harvesting the data and they are making incredible money on using our privacy as the commodity,” she added.

Jourova spoke just days after Facebook admitted that up to 50 million user accounts around the world had been breached by hackers, in yet another scandal for the beleaguered social platform.

“I will know more … in hours or days but according to our knowledge, five million Europeans have been affected out of those 50, which is an incredible number,” she said.

Jourova said Facebook’s quick revelation of the case demonstrated that new European rules on data protection implemented earlier this year are working.

New EU rules – the General Data Protection Regulation (GDPR) – have been billed as the biggest shake-up of privacy regulations since the birth of the web and give European regulators vast new enforcement powers.

The case for GDPR was boosted by another recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.

Jourova said the worst cases involve a company finding a major breach then failing to warn authorities or their users, which she said doesn’t appear to be the case in the latest Facebook drama.

Under GDPR, companies can be fined up to four percent of annual global turnover if they fail to abide by the rules, including notification of the data breach within 72 hours.

Facebook met this requirement, Jourova pointed out, which “is one of the factors which might result in lower sanctions, but this is only theoretical”.

 

3D Map of Singapore Helps City Planner Prepare for Future

Imagine seeing an incredibly detailed map of your home city in three dimensions, with every citizen carrying a cell phone showing up as a dot on that map. Well, you can’t because there are security issues galore when it comes to tracking people online. But you should know it’s possible, at least in Singapore, where city planners are considering how the technology may help improve life. VOA’s Kevin Enochs reports.

Instagram Names Adam Mosseri as New CEO

Adam Mosseri, a veteran 10-year Facebook executive, will become the new head of Instagram, outgoing co-founders Kevin Systrom and Mike Krieger announced Monday.

“We are thrilled to hand over the reins to a product leader with a strong design background and a focus on craft and simplicity,” Systrom and Krieger said in a press release.The pair announced their resignation last week without giving a clear explanation.

Mosseri, 35, has been Instagram’s head of product since May. He began as a designer at Facebook in 2008, and recently ran its News Feed. His appointment comes among fears that with the departure of Instagram’s independent-minded founders, the app will become more like Facebook: Cluttered with features, and invasive of user’s personal data.

Instagram was founded in 2010 and bought by Facebook two years later for $1 billion. While Facebook has struggled to hold onto younger users, Instagram remains popular with teens. It has also remained scandal-free, while Facebook has taken heat for numerous scandals including the spread of fake news, alleged exploitation of user data with third parties, electoral interference, and its use as a platform for radical leaders to spread propaganda in developing countries.

Can Wireless Challenge Cable for Home Internet Service?

Cellular companies such as Verizon are looking to challenge traditional cable companies with residential internet service that promises to be ultra-fast, affordable and wireless.

Using an emerging wireless technology known as 5G, Verizon’s 5G Home service provides an alternative to cable for connecting laptops, phones, TVs and other devices over Wi-Fi. It launches in four U.S. cities on Monday.

Verizon won’t be matching cable companies on packages that also come with TV channels and home phone service. But fewer people have been subscribing to such bundles anyway, as they embrace streaming services such as Netflix for video and cellphone services instead of landline.

“That’s the trend that cable has been having problems with for several years, and a trend that phone companies can take advantage of,” Gartner analyst Bill Menzes said.

That’s if the wireless companies can offer a service that proves affordable and effective.

T-Mobile and Sprint are also planning a residential 5G service as part of their merger proposal, though few details are known.

Verizon’s broadband-only service will cost $70 a month, with a $20 discount for Verizon cellular customers. According to Leichtman Research Group, the average price for broadband internet is about $60, meaning only some customers will be saving money.

Even so, Verizon can try to win over some customers with promises of reliability.

Verizon says its service will be much faster than cable. That means downloading a two-hour movie in high definition in two minutes rather than 21. The service promises to let families play data-intensive games and watch video on multiple devices at once, with little or no lag.

“The things that really matter to a customer are how fast it is and how reliable it is,” longtime telecom analyst Dave Burstein said. In tests of Verizon’s 5G so far, he said, “reliability is proving out quite nicely.”

Verizon could also capitalize on many people’s frustration with their cable companies. Consumer Reports magazine says customers have long been unhappy with perceived weak customer service, high prices and hidden fees.

The residential 5G service is part of a broader upgrade in wireless technology.

Verizon has spent billions of dollars for rights to previously unused radio waves at the high end of the frequency spectrum. It’s a short-range signal, ideal for city blocks and apartment buildings, but less so for sprawling suburbs or rural communities. That’s why Verizon is pushing residential service first, while AT&T is building a more traditional cellular network for people on the go, using radio waves at the lower end.

AT&T is aiming to launch its 5G mobile network this year in 12 cities, including Atlanta and Charlotte, North Carolina. Dish also has plans for a 5G network, but it’s focused on connecting the so-called “Internet of Things,” everything from laundry machines to parking meters, rather than cellphones or residential broadband.

Sprint tried to introduce residential wireless service before, using a technology called WiMax, but it failed to gain many subscribers as LTE trumped WiMax as the dominant cellular technology. This time, Verizon is using the same 5G technology that will eventually make its way into 5G cellular networks.

The Verizon service will start in parts of Houston, Indianapolis, Los Angeles, and Sacramento, California.

“These are small areas but significant,” said Ronan Dunne, president of Verizon Wireless. “Tens of thousands of homes, not hundreds of thousands of homes.” Eventually, Verizon projects 30 million homes in the U.S. will be eligible, though there’s no timeline.

For now, Verizon isn’t planning to hit markets where it already has its cable-like Fios service. Verizon stopped expanding Fios around 2010, in part because it was expensive to dig up streets and lay fiber-optic lines. Verizon can build 5G more cheaply because it can use the same towers available for cellular service.

That said, Verizon might not recoup its costs if it ends up drawing only customers who stand to save money over cable, said John Horrigan, a broadband expert at the Technology Policy Institute.

And while Verizon says the new network will be able to handle lots of devices at once, anyone who’s tried to use a phone during concerts and conferences will know that the airwaves can get congested quickly.

What Verizon’s service won’t do is extend high-speed internet access to rural America, where many households can’t get broadband at all, let alone competition. Cable and other companies haven’t found it profitable to extend wires to remote parts of the country. But Verizon will face the same problem, given that its short-range signal will require several wireless towers closer together. That’s feasible only in densely populated areas.

That’s not good enough, said Harold Feld, senior vice president of the advocacy group Public Knowledge. He said internet service at reasonable prices is “fundamental” for all Americans — not just those who live in populated areas.

T-Mobile and Sprint want to jointly create a 5G network that would also offer residential wireless broadband, but not for a few years. In seeking regulatory approval, the companies say 20 percent to 25 percent of subscribers will be in rural areas that have limited access to broadband. But the companies offered no details on how they would do so. T-Mobile and Sprint declined to comment.

 

New California Internet Neutrality Law Triggers US Lawsuit

California Gov. Jerry Brown has approved the nation’s strongest net neutrality law, prompting an immediate lawsuit by the Trump administration and opening the next phase in the battle over regulating the internet.

Advocates of net neutrality hope California’s law, which Brown signed Sunday to stop internet providers from favoring certain content or websites, will push Congress to enact national rules or encourage other states to create their own.

However, the U.S. Department of Justice quickly moved to halt the law from taking effect, arguing that it creates burdensome, anti-consumer requirements that go against the federal government’s approach to deregulating the internet.

“Once again the California Legislature has enacted an extreme and illegal state law attempting to frustrate federal policy,” U.S. Attorney General Jeff Sessions said in a statement.

The Federal Communications Commission repealed Obama-era rules last year that prevented internet companies from exercising more control over what people watch and see on the internet.

The neutrality law is the latest example of California, ground zero of the global technology industry, attempting to drive public policy outside its borders and rebuff President Donald Trump’s agenda.

Brown did not explain his reasons for signing the bill or comment on the federal lawsuit Sunday night.

Supporters of the new law cheered it as a win for internet freedom. It is set to take effect January 1.

“This is a historic day for California. A free and open internet is a cornerstone of 21st century life: our democracy, our economy, our health care and public safety systems, and day-to-day activities,” said Democratic Sen. Scott Wiener, the law’s author.

It prohibits internet providers from blocking or slowing data based on content or from favoring websites or video streams from companies that pay extra.

Telecommunications companies lobbied hard to kill it or water it down, saying it would lead to higher internet and cellphone bills and discourage investments in faster internet. They say it’s unrealistic to expect them to comply with internet regulations that differ from state to state.

USTelecom, a telecommunications trade group, said California writing its own rules will create problems.

“Rather than 50 states stepping in with their own conflicting open internet solutions, we need Congress to step up with a national framework for the whole internet ecosystem and resolve this issue once and for all,” the group said in a Sunday statement.

Net neutrality advocates worry that without rules, internet providers could create fast lanes and slow lanes that favor their own sites and apps or make it harder for consumers to see content from competitors.

That could limit consumer choice or shut out upstart companies that can’t afford to buy access to the fast lane, critics say.

The new law also bans “zero rating,” in which internet providers don’t count certain content against a monthly data cap — generally video streams produced by the company’s own subsidiaries and partners.

Oregon, Washington and Vermont have approved legislation related to net neutrality, but California’s measure is seen as the most comprehensive attempt to codify the principle in a way that might survive a likely court challenge. An identical bill was introduced in New York.

A Pakistani American Startup Fighting Media Censorship

According to the latest report by the Committee to Protect Journalists in Pakistan, fatal violence against journalists has declined, but fear and self-censorship have grown. In this era, five Pakistani American students at Harvard University have created a startup that challenges censorship using the latest block-chain technology. Their mission is “making journalism truly free.” Saqib Ul Islam visited Harvard’s innovation lab to bring us the story of a new company called “Inkrypt.”

Google CEO to Testify Before US House on Bias Accusations

Google Chief Executive Sundar Pichai has agreed to testify before the U.S. House Judiciary Committee later this year over Republican concerns that the company is biased against conservatives, a senior Republican said Friday.

Republicans want to question Google, the search engine of Alphabet Inc, about whether its search algorithms are influenced by human bias. They also want to probe it on issues such as privacy, classification of news and opinion, and dealing with countries with human rights violations.

Pichai met with senior Republicans on Friday to discuss their concerns, House Majority Leader Kevin McCarthy said.

McCarthy told reporters after the meeting that it was “very productive” and “frank.”

“I think we’ve really shown that there is bias, which is human nature, but you have to have transparency and fairness,” McCarthy said. “As big tech’s business grows, we have not had enough transparency and that has led to an erosion of trust and, perhaps worse, harm to consumers.”

Alphabet Inc’s Google unit has repeatedly denied accusations of bias against conservatives. Pichai left the meeting without comment.

Pichai wrote in an internal email last week that suggestions that Google would interfere in search results for political reasons were “absolutely false. We do not bias our products to favor any political agenda.”

The CEO had been scheduled to be in Asia this week but canceled the trip to be in Washington.

The hearing will take place after the midterm congressional elections in November, McCarthy said.

Google came under fire from members of both parties earlier this month for refusing to send a top executive to a Senate Intelligence Committee hearing that included Facebook Inc and Twitter Inc executives.

Republicans have also raised concerns about Google’s dominance. Earlier this week, the Justice Department met with state attorneys general to focus on the need to protect consumer privacy when big technology companies amass vast troves of data, but came to no immediate conclusions.

Asked if Republicans will push to break up Google, McCarthy said: “I don’t see that.” He said the hearing will look at privacy, bias issues, China and other matters.

Pichai is also meeting with Democratic lawmakers and is due to meet with White House economic adviser Larry Kudlow on Friday, a White House official said Thursday.

Facebook Tightens Security After Announcing Breach

The security breach Facebook announced Friday that affected 50 million users was a setback for the social media giant, which has been working for months to regain customers’ trust over how it handles their data.

In addition to the 50 million users whose log-on information could have been accessed by hackers, the company required as a precaution another 40 million to log on to be able to get on their accounts. Facebook said it reported the breach of the company’s code, which the firm said it fixed, to law enforcement.

The social media company was not sure Friday whether any personal information had been gathered or misused, but it scrambled to address the issue, which was discovered earlier in the week. Facebook users may find they have to relink their Facebook accounts to their Instagram accounts, and possibly to third-party apps, which users often log on to with their Facebook accounts.

In a call Friday with reporters, Guy Rosen, Facebook vice president of product management, said that the breach appeared to be very broad with no specific country targeted. “We’ll update with what we learn,” he said. 

Focus on elections

The breach came just weeks before the U.S. midterm elections, something the company has been keenly focused on.

More than 300 Facebook workers are scouring the platform, looking for false news, fake accounts and disinformation campaigns by foreign state-sponsored operatives that may be trying to sway voters. Facebook executives have said that they did not do enough to address these issues in the run-up to other elections such as the 2016 U.S. presidential race and that they are working to fix them.

In addition, Facebook’s relationship with its 2 billion users took a hit last spring when it was disclosed that an outside researcher who was given access to Facebook data used the information for political campaigns. As a result, the company contacted users whose information might have been seen or used by the outside firm Cambridge Analytica.

“We have a responsibility to protect your data, and if we can’t, then we don’t deserve to serve you,” Facebook CEO Mark Zuckerberg said in a statement posted to his Facebook page in March.

‘View As’ tool

The company said hackers exploited the privacy feature known as “View As,” which lets users see how their own profiles would look to other people. Facebook said hackers were then able to use the security flaw to steal log-in keys, called access tokens, that could allow them to access people’s accounts.

“We’re a big fan of ‘View As’ here at EFF,” said Gennie Gebhart, associate director of research at the Electronic Frontier Foundation, the digital civil liberties group. “It’s one good way to make sure that your privacy settings are the way you want them to be. I can see what my friends see or friends of friends see.”

But by checking what a friend can see, the “View As” tool actually made one’s friend vulnerable to this hack.

A relatively new feature that allowed users to upload “Happy Birthday” videos was part of a combination of three bugs that contributed to the vulnerability, the social media firm said.

“It’s one of those weird things that daisy-chained together,” Gebhart added.

Facebook said it was shutting down “View As” until further notice.

The hackers “used the access tokens to query data, but there are no public reports of abusing the access to post updates to timelines or spread disinformation,” said Travis Smith, principal security researcher at Tripwire, a security firm. “This could be because they were only after data or it could be that their attack was cut off midstream by Facebook before they could reach their ultimate goal.”

Security advice

Affected Facebook users should take some additional steps, said Gary Davis, the chief consumer security evangelist at security firm McAfee, who wrote about the Facebook hack in a blog post.

Among them, users should change their log-in information. “Since this flaw logged users out, it’s vital you change up your log-in information,” he wrote. 

He also stressed users should update their Facebook apps as soon as possible.

“Facebook has already issued a fix to this vulnerability, so make sure you update immediately,” he wrote.

Uber to Pay $148M for Hiding Data Breach

The ride-hailing service Uber has agreed to pay $148 million to settle claims that it concealed a massive data breach that exposed personal information of drivers and customers. 

In November 2016, Uber learned that hackers had accessed personal data of about 600,000 Uber drivers, including their driver’s license numbers. Hackers also had stolen email addresses and cellphone numbers of 57 million riders worldwide. 

The claims, filed in every U.S. state and the District of Columbia, said rather than inform the drivers involved, Uber hid the breach for more than a year and paid ransom to ensure the data wouldn’t be misused.

“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Illinois Attorney General Lisa Madigan told The Associated Press. 

Uber’s chief legal officer, Tony West, said the decision to come clean about the hack was made after major management changes at the company. 

“It embodies the principles by which we are running our business today: transparency, integrity and accountability,” West said. 

Each state will receive a part of the settlement based on how many drivers they have. Most states estimate each affected Uber driver will receive about $100. 

US Lawmakers Urged to Enact Personal Data Protections, But With Care

U.S. communications and social media titans are urging lawmakers to craft strong, uniform protections for Americans’ personal data without squashing innovation.

The Senate Commerce Committee heard testimony Wednesday from Apple, Amazon.com, Google, Twitter, and AT&T executives at a time when data breaches are commonplace, many Americans are mystified or unaware of how their personal data may be used or shared, and jurisdictions from the European Union to the state of California have taken action to safeguard consumers.

“Privacy means much more than having the right to not share your personal information. Privacy is about putting the user in control when it comes to that information. We believe that privacy is a fundamental human right, which should be supported by both social norms and the law,” said Apple’s vice president for software technology, Bud Tribble.

“In today’s data-driven world, it is more important than ever to maintain consumers’ trust and give them control over their personal information,” said AT&T’s senior vice president for global public policy, Leonard Cali.

The executives urged lawmakers to implement national standards that would preempt individual states from taking action on their own, as California has done.

“California is a single state, and if other states follow suit, we’ll be facing a patchwork of rules and fragmentation that will be just unworkable for consumers, as well as mobile companies and internet companies,” Cali said.

At the same time, senators were urged to craft legislation with care. Several witnesses described the European Union’s General Data Protection Regulation, implemented earlier this year, as overly burdensome.

“Meeting its [the GDPR’s] specific requirements for the handling, retention, and deletion of personal data required us to divert significant resources to administrative tasks and away from invention on behalf of customers,” Amazon.com Vice President Andrew DeVore said.

DeVore added, “We encourage Congress to ensure that additional overhead and administrative demands any legislation might require, actually produce commensurate consumer privacy benefits.”

Current proposal

Congress already has legislation to consider. Earlier this year, Minnesota Democratic Senator Amy Klobuchar and Louisiana Republican John Kennedy introduced a bill that would require companies to write terms of service agreements in plain language and allow consumers to review data collected about them and find out if and how it has been shared. Other proposals are likely to be forthcoming.

“The question is no longer whether we need a federal law to protect consumers’ privacy,” said the committee’s chairman, Republican Senator John Thune of South Dakota. “The question is what shape that law should take.”

Privacy questions

Several senators readily acknowledged that they did not grow up in the digital age.

“This thing sometimes mystifies me,” Montana Democrat Jon Tester said, holding up his smartphone.  Tester added that he was perplexed to see that, after searching for new tires for his truck, online advertisements for tires appeared on Web pages he subsequently visited.

“How the hell did they get that information?” he asked.

Google Chief Privacy Officer Keith Enright responded the search engine allows Web pages to earn revenue “by placing advertisements that may be targeted to a user’s interests.” But, he stressed, “No personal information is passing from Google to that third party — we neither sell it nor share it.”

Senate Panel Opens Hearing on Crafting US Privacy Law

The Trump administration is hoping Congress can come up with a new set of national rules governing how companies can use consumers’ data that finds a balance between “privacy and prosperity.”

But it will be tricky to reconcile the concerns of privacy advocates who want people to have more control over the usage of their personal data — where they’ve been, what they view, who their friends are —and the powerful companies that mine it for profit.

Senior executives from AT&T, Amazon, Apple, Google, Twitter and Charter Communications are scheduled to testify at the hearing, amid increasing anxiety over safeguarding consumers’ data online and recent scandals that have stoked outrage among users and politicians.

Sen. John Thune, a South Dakota Republican who heads the Senate Commerce Committee, opened Wednesday’s hearing by saying there’s a strong desire by both Republicans and Democrats for a new data privacy law.

But the approach being pondered by policymakers and pushed by the internet industry leans toward a relatively light government touch. That’s in contrast to stricter EU rules that took effect in May.

An early move in President Donald Trump’s tenure set the tone on data privacy. He signed a bill into law in April 2017 that allows internet providers to sell information about their customers’ browsing habits. The legislation scrapped Obama-era online privacy rules aimed at giving consumers more control over how broadband companies like AT&T, Comcast and Verizon share that information.

Allie Bohm, policy counsel at the consumer group Public Knowledge, says examples abound of companies not only using the data to market products but also to profile consumers and restrict who sees their offerings: African Americans not getting access to ads for housing, minorities and older people excluded from seeing job postings.

The companies “aren’t going to tell that story” to the Senate panel, she said. “These companies make their money off consumer data.”

What is needed, privacy advocates maintain, is legislation to govern the entire “life cycle” of consumers’ data: how it’s collected, used, kept, shared and sold.

Meanwhile, regulators elsewhere have started to act.

The 28-nation European Union put in strict new rules this spring that require companies to justify why they’re collecting and using personal data gleaned from phones, apps and visited websites. Companies also must give EU users the ability to access and delete data, and to object to data use under one of the claimed reasons.

A similar law in California will compel companies to tell customers upon request what personal data they’ve collected, why it was collected and what types of third parties have received it. Companies will be able to offer discounts to customers who allow their data to be sold and to charge those who opt out a reasonable amount, based on how much the company makes selling the information.

Andrew DeVore, Amazon’s vice president and associate general counsel, told the Senate panel Wednesday that it should consider the “possible unintended consequences” of California’s approach. For instance, he says the state law defines personal information too broadly such that it could include all data.

The California law doesn’t take effect until 2020 and applies only to California consumers, but it could have fallout effects on other states. And it’s strong enough to have rattled Big Tech, which is seeking a federal data-privacy law that would be more lenient toward the industry.

“A national privacy framework should be consistent throughout all states, pre-empting state consumer-privacy and data security laws,” the Internet Association said in a recent statement . The group represents about 40 big internet and tech companies, spanning Airbnb and Amazon to Zillow. “A strong national baseline creates clear rules for companies.”

The Trump White House said this summer that the administration is working on it, meeting with companies and other interested parties. Thune’s pronouncement and one from a White House official stress that a balance should be struck in any new legislation — between government supervision and technological advancement.

The goal is a policy “that is the appropriate balance between privacy and prosperity,” White House spokeswoman Lindsay Walters said. “We look forward to working with Congress on a legislative solution.”

 

Into the Fold? What’s Next for Instagram as Founders Leave

When Kevin Systrom and Mike Krieger sold Instagram to Facebook in 2012, the photo-sharing startup’s fiercely loyal fans worried about what would happen to their beloved app under the social media giant’s wings. 

None of their worst fears materialized. But now that its founders have announced they are leaving in a swirl of well wishes and vague explanations, some of the same worries are bubbling up again — and then some. Will Instagram disappear? Get cluttered with ads and status updates? Suck up personal data for advertising the way its parent does? Lose its cool? 

Worst of all: Will it just become another Facebook?

“It”s probably a bigger challenge (for Facebook) than most people realize,” said Omar Akhtar, an analyst at the technology research firm Altimeter. “Instagram is the only platform that is growing. And a lot of people didn’t necessarily make the connection between Instagram and Facebook.”

Instagram had just 31 million users when Facebook snapped it up for $1 billion; now it has a billion. It had no ads back then; it now features both display and video ads, although they’re still restrained compared to Facebook. But that could quickly change. Facebook’s growth has started to slow, and Wall Street has been pushing the company to find new ways to increase revenue.

Instagram has been a primary focus of those efforts.

Facebook has been elevating Instagram’s profile in its financial discussions. In July, it unveiled a new metric for analysts, touting that 2.5 billion people use at least one of its apps — Facebook, Instagram, WhatsApp or Messenger — each month. While not particularly revealing, the measurement underscores the growing importance Facebook places on those secondary apps. 

Facebook doesn’t disclose how much money Instagram pulls in, though Wedbush analyst Michael Pachter estimates it’ll be around $6 billion this year, or just over 10 percent of Facebook’s expected overall revenue of about $55.7 billion. 

Facebook CEO Mark Zuckerberg has long seen Instagram’s promise. At the time, it was by far Facebook’s largest acquisition (although it was dwarfed by the $19 billion Zuckerberg paid for WhatsApp two years later). And it was the first startup allowed to operate mostly independently. 

That has paid off big time. Not only did Instagram reach 1 billion users faster than its parent company, it also succeeded in cloning a popular Snapchat feature, dealing a serious blow to that social network upstart and succeeding where Facebook’s own attempts had repeatedly failed. Instagram also pioneered a long-form video feature to challenge YouTube, another big Facebook rival.

Recently, Instagram has been on a roll. In June, Systrom traveled to New York to mark the opening of its new office there, complete with a gelato bar and plans to hire hundreds of engineers. Only a month earlier, Instagram had moved into sparkly new offices in San Francisco. In a July earnings call, Zuckerberg touted Instagram’s success as a function of its integration with Facebook, claiming that it used parent-company infrastructure to grow “more than twice as quickly as it would have on its own.”

But Instagram has also been a case study in how to run a subsidiary independently — especially when its parent is mired in user-privacy problems and concerns about election interference, fake news and misinformation. And especially when its parent has long stopped being cool, what with everyone and their grandma now on it.

Instagram’s simple design — just a collection of photos and videos of sunsets, faraway vacations, intimate breakfasts and baby close-ups — has allowed it to remain a favorite long after it became part of Facebook. If people go to Twitter to bicker over current events and to Facebook to see what old classmates are up to, Instagram is where they go to relax, scroll and feast their eyes.

So, will that change?

“I don’t think Zuckerberg is dumb,” Akhtar said. “He knows that a large part of Instagram’s popularity is that it’s separate from Facebook.”

As such, he thinks Facebook would be wise to reassure users that what they love about Instagram isn’t going to change — that they are not going to be forced to integrate with Facebook. “That’ll go a long way,” he said. 

Internally, the challenge is a bit more complicated. While Systrom and Krieger didn’t say why they’re leaving, their decision echoes the recent departure of WhatsApp’s co-founder and CEO Jan Koum, who resigned in April. Koum had signaled years earlier that he would take a stand if Facebook’s push to increase profits risked compromising core elements of the WhatsApp messaging service, such as its dedication to user privacy. When Facebook started pushing harder for more revenue and more integration with WhatsApp, Koum pulled the ripcord.

One sign that additional integration may be in Instagram’s future: Zuckerberg in May sent longtime Facebook executive Adam Mosseri to run Instagram’s product operation. Mosseri replaced longtime Instagrammer Kevin Weil, who was shuffled back to the Facebook mothership. 

That likely didn’t sit well with Instagram’s founders, Akhtar and other analysts said. Now that they’re gone as well, Mosseri is the most obvious candidate to head Instagram. 

“Kevin Systrom loyalists are probably going to leave,” Akhtar said. 

Which means Facebook may soon have a new challenge on its hands: Figuring out how to keep Instagram growing if it loses the coolness factor that has bolstered it for so long.

A Swipe is Not Enough: Tinder Tests Extra Control for Women

The Indian edition of dating app Tinder is testing a new feature which gives women an additional level of scrutiny before they allow men to start messaging conversations, with a view to rolling the function out globally.

The “My Move” feature allows women to choose in their settings that only they can start a conversation with a male match after both have approved each other with Tinder’s swiping function.

Normally, the app gives both parties to a successful match – where both have swiped yes on the other’s photograph – the right to text each other immediately.

Tinder has been testing the function for several months and plans to spread it worldwide if the Indian rollout proves successful. Rival dating-app Bumble already only allows the female party to a heterosexual match to start conversations.

Dating is still frowned upon in many circles in India’s religiously- and ethnically-divided society, where arranged marriages are still the norm.

Taru Kapoor, general manager for Tinder owner Match Group in India, told Reuters the function had been pioneered in India because of Tinder’s need to attract more women to the app by making them feel more comfortable and secure.

“We’re a platform based on mutual respect, consent, and choice,” she said. “We are focused on making the experience of women safer.”

Thousands of reports of sexual violence and rape in India each year have raised concerns around the safety of women in many parts of the country.

Yet an emerging class of young, well-to-do Indians in cosmopolitan cities like Bengaluru and Mumbai have made the country Tinder’s largest market in Asia. The company also says India is its “chattiest” market globally, with users using the in-app messaging feature more than any other country.

Tinder has generally had few ad campaigns and its few glossy productions in India have tended to focus on the female experience on the app – a reflection of the predominance of men on the Indian version.

The app, which has an average 3.8 million users globally had the highest number of monthly active users on Android phones in India last month in the Lifestyle category, according to market data and analytics firm, App Annie.

The app is also the third highest earner by revenue across all categories when Google Play & iOS revenues are combined.

“I know the kind of creeps out there on Tinder and other dating apps,” said one of a dozen male users Reuters talked to on Tuesday.

“One extra layer of security doesn’t do much harm to men apart from slimming their chances of striking up a conversation.”

Several female users interviewed by Reuters remained skeptical about the usefulness of the feature and said the change in settings would not do much to change their experience.

“Even after carefully picking someone, if they turn out to be nothing like you imagined, there is always an unmatch option,” said one 25-year-old Bengaluru resident who met her boyfriend through Tinder.

Spotify, Deezer, Others Call for Stronger EU Action Against US Rivals

Music streaming services Spotify and Deezer joined European business and industry bodies in calling on EU regulators to take tougher action to curb what they say are the unfair practices of online platforms.

EU governments are set in the coming weeks to come up with a joint position on a proposed platform-to-business (P2B) law which is meant to ensure greater transparency and fairness in the digital economy.

Driven by concerns over privacy and data protection, the European Union has in recent years introduced tougher rules to regulate online markets dominated by U.S. tech giants such as Google, Apple and Amazon.

But in a joint letter, businesses and industry bodies such as the European Publishers Council and the European Association of Craft, Small and Medium-Sized Enterprises, said the P2B proposal did not go far enough.

“Targeted measures to prevent unfair practices by platforms are needed if the legislation is to promote sustained digital growth,” they said in a joint letter dated Sept. 24 seen by Reuters.

Unveiled by the European Commission in April, the P2B law would force app stores, search engines, e-commerce sites and hotel booking websites such as Expedia to be more transparent about how they rank search results and why they delist some services.

It would also give companies the right to group together and sue online platforms.

The European business and industry groups did not name any platforms in their letter, which was addressed to EU ministers of competitiveness who are due to meet in Brussels on Sept. 27.

“Instead of being gateways that facilitate access, these platforms use their privileged position to become gatekeepers to the digital economy,” they said in the letter.

They also said unfair business practices include large platforms favoring their own services, unilateral and sudden changes in terms and conditions, arbitrary marketing bans, mandatory use of a particular billing system and arbitrary restrictions on data use.

Tech lobbying group CCIA, which represents Google, Amazon and eBay, have previously said there is no evidence of a systemic problem to justify more regulations.

Once EU governments have decided on a joint position, they will have to negotiate with the Commission and European Parliament on the final legislation.