Jul 16, 2020

Axios Login

By Ina Fried
Ina Fried

First off, happy 25th birthday to a little-known internet bookseller. That's right Amazon.com launched on this day in 1995.

Also, join me tomorrow at 12:30pm ET with New York Rep. Grace Meng, Stand for Children CEO Jonah Edelman, and Center for Connected Health Policy executive director Mei Kwong for a conversation on how the coronavirus is hastening the shift to telemedicine and remote education.

Today's Login is 1,610 words, a 6-minute read.

1 big thing: Twitter's big hack bares broad dangers

Illustration: Rebecca Zisser/Axios

Twitter's major security incident Wednesday — in which hackers took over the accounts of Joe Biden, Barack Obama, Elon Musk, Bill Gates and other notable figures to push a cryptocurrency scam — stunned the worlds of politics and tech.

Why it matters: As bad as Wednesday's rampage was — and it was bad — the real fallout came as business leaders, politicians and everyday users realized that their chosen network for real-time information is even more vulnerable to being hijacked than they thought.

Driving the news:

  • The accounts of high-profile individuals and corporations were compromised within a short period of time Wednesday afternoon, allowing the posting of a message luring people to deposit Bitcoin in a specific account.
  • Late Wednesday, Twitter posted: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
  • Aiming to contain the problem, Twitter for a time prevented all verified accounts (those of journalists, politicians, celebrities, and other public actors) from posting new messages.

What they're saying: Twitter said its investigation is still ongoing.

  • "We know [the attackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf," the company said in a tweet. "We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."

The big picture: Experts pointed out that the plot to steal Bitcoin was small potatoes compared with the much worse things a malefactor could do with access to Twitter's highest profile accounts.

  • President Trump essentially governs via the social network, dictating new policies and threatening other world leaders. In the wrong hands, that account could start a war. (Trump's account did not appear to be compromised in this incident.)
  • Many have warned of this danger. I wrote in 2016 that President Trump should ditch his cell phone (and Twitter) for the sake of national security.

Between the lines: Some of the deeper problems revealed Wednesday relate to Twitter's structure.

  • The blue check mark next to a name is supposed to indicate that you can trust the identity of the account.
  • But those are exactly the accounts that were compromised.

Twitter's response blocking all verified accounts from posting, an understandable tactic to limit the spread of the scam, created its own problems.

  • Deprived of their main accounts, many prominent tweeters turned to old secondary accounts, friends' accounts or all-new accounts to keep posting. Some news outlets, like NBC News, posted to temporary accounts, while others sent out news from less prominent accounts.
  • This workaround allowed them to keep the messages flowing. But it created new problems for Twitter's information climate, since the same method could be used by impersonators to spread misinformation or scams of their own.

What's next: With Twitter's prominence in politics, lawmakers are also promising inquiries.

  • Before the situation had even been resolved, Sen. Josh Hawley (R-Mo.) sent a note to the company demanding answers.
  • And, as former FTC technologist Ashkan Soltani points out, Twitter settled with that agency in 2010 over previous lapses that allowed administrative access to accounts.
2. Court kills landmark EU-U.S. data privacy pact

Illustration: Aïda Amer/Axios

Europe's highest court blew up the agreement that allows most data transfers between the EU and the U.S. Thursday, creating uncertainty for the tech firms that rely on the pact and likely sending officials scrambling to come up with a replacement, Axios' Ashley Gold reports.

Why it matters: Major global tech companies like Facebook and Google send troves of user data across the Atlantic daily. This decision severely complicates the future of that and sends the message that Europe doesn't accept how its citizens' data is handled stateside.

Driving the news: The Court of Justice of the European Union Thursday morning declared as invalid Privacy Shield, the agreement that broadly governs transatlantic data transfers for most companies.

  • The court did, however, uphold the terms that tech companies sometimes put in contracts dealing with sending data out of Europe, meaning companies can still rely on such contractual language to transfer data across the Atlantic, as long as data protection authorities don't reject it.

Details: The court, in striking down Privacy Shield, said American government surveillance makes it impossible to ensure Europeans' data can be protected once it enters the U.S., as it inherently collects more data than European law permits and European citizens have no redress if the U.S. government violates their privacy.

  • It's unlikely a U.S.-appointed ombudsperson, as established under Privacy Shield, could force American intelligence agencies to handle Europeans' data differently or would be independent from U.S. government interests, the court concluded.

Yes, but: This doesn't mean companies can’t ship data across the Atlantic ever again, but it will certainly be harder now. It signals diverging values around privacy between the U.S. and the EU, which has been critical of the U.S. over its surveillance practices and failure to pass a comprehensive data privacy law.

What they're saying: Max Schrems, the Austrian privacy advocate who brought the case, said he was "very happy" with the judgment, contending "the only way to overcome this clash is for the US to introduce solid privacy rights for all people — including foreigners."

  • Trade group BSA said the decision "creates a challenge for more than 5,300" firms that relied on Privacy Shield, 70% of which, it said, are small and midsized businesses.
  • Microsoft sought to assure customers that there shouldn't be any disruption to their data flows since the court upheld the contractual clauses.

What's next: U.S. and EU regulators will now be tasked with negotiating a new agreement that can withstand a legal challenge.

  • That may be a tall order, given the existential issues the ruling raises with how Europeans' data gets handled once it enters the U.S.
3. G Suite's boss on Google's latest changes

Google on Wednesday debuted a bunch of changes to G Suite, making it easier for users to move between applications and, as G Suite boss Javier Soltero told Axios, allowing even greater online collaboration.

Why it matters: The pandemic has made workplace productivity tools even more critical, as so many work from home, and amped up Google's competition with Microsoft, as well as with tools like Zoom and Slack.

The big picture: Bundling products, Soltero said, is "a very appealing opportunity for any company that sells multiple things," but these changes, he insists, are more than that.

  • Soltero points to Reese's Peanut Butter Cups as an unlikely North Star for the G Suite changes.
  • It's not just combining peanut butter and chocolate that makes Reese's unique, he argues, but the shape and way the flavors are combined. So, too, with G Suite.

Zoom, for example, offers chat, but conversations disappear once the video call ends.

  • With the new integration of Meet and Google Chat, Soltero said that conversation can live on, along with shared files and captured tasks.

Google isn't looking to take on project management apps like Asana, he said, but offer an easy integrated option for less hardcore project managers.

Between the lines: These changes were planned before the pandemic, dating back more than a year and were on the drawing board before Soltero arrived. However, Soltero confirmed that some of the moves were sped up, including the integration of Meet video chatting into Gmail earlier this year.

The deeper integrations unveiled Wednesday are limited to paid G Suite accounts and won't be visible to consumers. And, though Google made the enterprise features of Meet free until September, Soltero said Google plans to limit those features to paid users after that point.

4. Scener adds more services for watch parties

A rendering of the Scener experience for San Diego Comic Con as seen on a laptop. Image: Scener

Scener, a small spinoff from RealNetworks, is expanding its service, which lets people in separate locations watch video simultaneously while also chatting, offering a digital, socially distant option for watching a movie or TV show with friends.

The big picture: The company's product is one of many for which the pandemic has been, in its way, fortuitous, making what might have been a niche experience into a social lifeline.

Driving the news:

  • Scener, which had worked with Netflix and HBO Max, is announcing today new support for Amazon's Prime Video, Disney+, the premium version of Hulu, Vimeo and Funimation.
  • Scener, which works via a Chrome browser plug-in, aims to protect copyrighted content by requiring each device to log into the video service being used.
  • Scener is also working with San Diego Comic Con to offer online tracks in movies and anime that attendees can watch from home by logging into their existing streaming services.

Go deeper: Scener is a new Twitch-like commentary platform for streaming media (GeekWire)

5. FCC poised to establish suicide hotline number

The Federal Communications Commission is expected to designate 988 today as the new nationwide number to reach a suicide prevention and mental health crisis hotline, Axios' Margaret Harding McGill reports.

Why it matters: The change should make it easier for Americans to reach the National Suicide Prevention Lifeline, which connects to a network of local crisis centers. Surveys and experts suggest more people are facing mental health crises since the start of the pandemic.

Yes, but: The 988 code will not be active immediately after the FCC votes on establishing it at a Thursday morning meeting.

  • Phone companies must implement the change by July 16, 2022, according to a draft of the agency's order.
  • Until then, the Lifeline can be reached at 1-800-273-8255 (1-800-273-TALK).

Meanwhile, the House Energy and Commerce Committee on Wednesday voted to advance to the full chamber the National Suicide Hotline Designation Act of 2019, codifying the 988 dialing code and allowing states to impose a fee on voice service subscribers' bills to help fund suicide prevention services.

6. Take Note

On Tap

Trading Places

  • Zynga is adding TrueCar CFO Noel Watson to its board of directors. Watson, who was previously Tripadvisor's chief accounting officer, also becomes Zynga's first Black board member.
  • Airbnb made a number of executive moves, including hiring former Disney executive Catherine Powell as global head of hosting and former Apple marketing executive Hiroki Asai as global head of marketing. Meanwhile, Greg Greeley, who had led Airbnb's Homes unit, is leaving the company.

ICYMI

  • Apple is expanding its partnership with historically Black colleges, adding coding centers at more universities. (Axios)
  • Shares of SMIC, China's biggest chipmaker, soared after its debut on the Shanghai stock market. (CNBC)
  • TikTok, under fire for its Chinese ties and perceived security issues, has dramatically ramped up its D.C.-based lobbying effort. (NYT)
  • Facebook will add labels, which will direct users to electoral information, to all posts about voting from presidential candidates. (Axios)
7. After you Login

Talk about having to watch out for bugs. Check out this bug cam.

Ina Fried