When federal judge James Boasberg dismissed the Federal Trade Commission’s antitrust lawsuit against Facebook in June, he gave the agency pretty specific instructions on how to salvage it. The problem, he wrote in his opinion, was that the FTC hadn’t offered even the barest evidence that Facebook is a monopoly, beyond the vague claim that it “maintained a dominant share of the US personal social networking market (in excess of 60 percent).” As Boasberg noted, that inexplicably left some basic questions unanswered, such as: 60 percent of what? Who makes up the leftover 40 percent? It was a bit like accusing a driver of speeding without even mentioning the speed limit.
To get back into court and advance to the next stage of litigation, the FTC would have to come back with something a lot more specific. That presented an interesting early assignment for Lina Khan, who was confirmed as commissioner of the agency a mere two weeks before Boasberg issued his ruling. (Facebook has sought to have Khan recused from the case on the basis of her public criticism of big tech companies before her current job, though experts see little chance of that succeeding.)
On Thursday, the FTC filed its revised complaint answering those previously unanswered questions. While it’s impossible to predict how a given judge will rule, the new material seems likely to satisfy Boasberg and keep the case alive. “To my eye, they’ve scratched Boasberg’s itch,” said Paul Swanson, an antitrust attorney in Denver. Facebook, he said, may not be able to avoid “a long slog of document productions and depositions.”
To prove that Facebook is a monopoly for legal purposes, the FTC doesn’t have to show that it’s literally the only social network. They have to show that it has “market power.” In a nutshell, having market power means you face so little competition that you can do things your customers don’t like without losing any business. It’s one of the main reasons antitrust law exists: When there isn’t enough competition, companies will stop trying to please their customers and start trying to squeeze them. Think about how frustrating it is when your internet provider raises prices and you realize no one else serves your neighborhood. That’s market power.
There are two ways to show market power: indirect evidence and direct evidence. Indirect evidence usually refers to dominant market share. (That might sound counterintuitive, but the reason it’s indirect is because being big on its own doesn’t prove a company is doing anything wrong—it just raises the strong possibility.) In its initial complaint, the FTC only offered indirect evidence, and very little of it: that feeble 60 percent statistic, which Boasberg ruled was inadequate. The revised complaint, on the other hand, goes into great detail on market share. Drawing on data from the analytics company Comscore—which, the complaint notes, Facebook itself relies on—the FTC argues that just about any way you slice it, Facebook controls a dominant chunk of the market for “personal social networking services.” According to the Comscore data, Facebook has accounted for more than 80 percent of time spent since 2011, at least 70 percent of daily active users, and at least 65 percent of monthly active users.
The new complaint also tightens up the FTC’s definition of the market itself, which is another crucial part of any monopolization case. You can’t prove a company has market power without explaining which market they have power in. According to the agency, the market for personal social networking services has three key attributes: First, a network has to be “built on a social graph that maps the connections between users and their friends, family, and other personal connections.” Second, it has to have features for users to interact with each other in a “shared social space,” like a news feed or group. Third, it has to allow users to look each other up. (Think about how you can search for someone by name on Facebook, but not in iMessage.)
The Green Bay Packers play in one of the tiniest media markets in the NFL, with a small but famously loyal fan base. It’s a key part of their charm. It’s also why it was so bewildering to discover that the single most-viewed URL on Facebook over the past three months, with 87.2 million views, belongs to an obscure site devoted to charging people to hang out with former Packers players.
That fact is one of several bizarre data points to emerge from Facebook’s first-ever “Widely Viewed Content Report.” The document is apparently an attempt to push back against the narrative that the platform is overrun with misinformation, fake news, and political extremism. According to data from its own publicly available analytics tool, CrowdTangle—data skillfully popularized by New York Times reporter Kevin Roose—the list of pages and posts with the highest engagement on the platform is heavily dominated by less-than-reputable right-wing publications and personalities like NewsMax and Dan Bongino, who vastly outperform more trustworthy mainstream publications.
Facebook has long argued that engagement doesn’t tell the whole story. A more accurate way to measure what’s popular on Facebook, the company’s executives say, is to look at total impressions, or “reach”—that is, how many people see a given piece of content rather than how many like or comment on it. The obvious problem with that argument is that, until Wednesday, Facebook had never shared any data on reach, making its claims impossible to verify. As Roose wrote last month, a proposal to make that data public ran into resistance within the company because it also might not make Facebook look so hot. As CrowdTangle CEO Brandon Silverman reportedly put it in an internal email, “Reach leaderboard isn’t a total win from a comms point of view.”
Now we have some idea of what Silverman may have meant.
The new report consists mostly of four Top 20 lists: the most viewed domains, links, pages, and posts over the last three months. (Facebook says it will release the reports quarterly.) The domains list contains mostly unsurprising results, including the likes of YouTube, Amazon, and GoFundMe—prominent websites that you’d expect to be posted a lot on Facebook. (Those results are not just unsurprising but unhelpful, since a link to the YouTube domain, say, could be for any one of literally billions of videos.) But number nine is the URL playeralumniresources.com—that Packers website. Things get even stranger in the Top 20 links ranking, where that URL comes in first place, meaning the homepage of Player Alumni Resources was somehow more popular on Facebook than every other site on the internet. The rest of the list contains similar surprises. In second place is a link to purehempshop.com; in fifth, with 51.6 million views, is reppnforchrist.com.
Is Player Alumni Resources, run by former Packers kicker Chris Jacke, quietly a Facebook juggernaut? Its official page has only 4,100 followers. Its posts get very few likes or comments. What’s going on here?
The answer: memes. From his personal account, which has more than 120,000 followers, Jacke posts a steady stream of low-rent viral memes that have nothing to do with the Packers, adding the URL of his business to the top of the post. We’re talking the likes of “Pick one cookie variety to live without,” or “Give yourself a point for each of these that you’ve done.” A post of a meme asking what word people use for soda (or pop, if you insist), for example, racked up more than 2 million interactions in June, according to CrowdTangle data. Jacke didn’t respond to requests for comment.
This seems to be the modus operandi of the other seemingly random members of the link leaderboard. The hemp store in second place, with 72.1 million views? That appears to be the handiwork of Jaleel White, best known for playing Steve Urkel on Family Matters. White, whose page has nearly 1.5 million followers, posts meme after recycled meme, each one graced with a link to a CBD product store.
As Indian democracy crumbles day upon day under the grasp of Narendra Modi, social media platforms have functioned in lieu of a free press. As Reporters Without Borders recently noted, journalists in India “risk dismissal if they criticize the government.” Since Modi took control in 2014, India’s ranking on the World Press Freedom Index has fallen every year, plateauing at 142 (of 180 countries and regions) between 2020 and 2021.
But Modi is effectively squashing social media as a remaining lifeline, via IT regulations implemented in February that activists and concerned citizens alike have called unconstitutional and undemocratic. The new rules give the Indian government more power in managing their perception, with tech companies and video content providers forced to comply. They require social media platforms to be responsive about complaints about posts on their network, divulging to the government whom the “originator” of flagged content is—essentially ending end-to-end encryption.
Compounding this suppression is the fact that US-based tech companies had already been increasingly bowing to Modi’s Bharatiya Janata Party (BJP) government. Weeks before the rules were implemented, Twitter suspended hundreds of accounts of journalists, media outlets, and politicians from opposition parties, among others, during the country’s farmers’ protests against new agricultural laws, in addition to blocking hundreds of pro-farmer tweets the government deemed “controversial.” Similarly, a 21-year-old climate activist supporting the protests was arrested for having edited a Google Doc with resources for protesters and people supporting the protests. The police found out she’d edited the document when Google shared her data.
Tech giants based in America have long thrived on exploiting the so-called global south. We have always been a good source of data and companies have appeased authoritarian regimes in exchange for this new, much-sought-after capital.
This is nothing short of digital colonialism: Where colonial powers once sought natural resources, today they seek data.
If the platform giants don’t follow the Indian government’s new regulations, they may lose a market of 1.3 billion people. And that’s something they’re clearly not willing to risk, regardless of the price Indian citizens themselves pay.
At the beginning of the pandemic, Big Tech started making a power grab in the global south that wasn’t just about deepening an already existent reliance on technology. It was about expanding territories by seizing opportunities with local partners.
In April 2020, Facebook picked up a 9.99 percent stake ($5.7 billion) in Reliance Industries’ Jio Platforms, India’s largest mobile network provider. In November, WhatsApp finally launched payments in India. And in June of this year, Google announced an Android smartphone in collaboration with Jio. In just the first eight months of the pandemic, Reliance owner Mukhesh Ambani’s wealth ballooned by $22 billion.
More than the money, however, as these new IT regulations are enforced, gaps between how Big Tech presents itself in the West versus how it presents itself in India have widened. In the former instance, the likes of Jack Dorsey have taken a strong stance against political figures like Donald Trump, following the January 6 Capitol insurrection. Dorsey defended banning Trump on account of potential “offline harm.”
In response, Indian BJP leaders tweeted out in support of Trump, stating that “if they can do this to POTUS, they can do this to anyone” and “big tech firms are now the new oligarchs.” Yet they must’ve known these firms would cede to the true new oligarchs, themselves.
In India, a country with increasingly (and historically) tense Hindu-Muslim relations, a politician’s tweet linking Islam with terrorism was removed only at the behest of his own government. Similarly, the BJP’s social media head tweeted a video suggesting that a protest against a controversial citizenship law in India was “sponsored” by the opposition party—something that was found to be false. That tweet is still on the platform without any tags marking it as false.
Why these inconsistencies? The question cannot be about whether the governments in countries like India are solely responsible for the state of their democracies. That view, especially if limited to the global south, is naive and culturally imperialist. If the Cambridge Analytica scandal has taught the world anything, it’s that data can make or break democratic elections anywhere.
Big Crypto has arrived. On August 10, following days of wrangling and furious tweeting, cryptocurrency enthusiasts, advocates, and entrepreneurs watched in horror as the US Senate approved a $1 trillion infrastructure bill, complete with an article that many fear might jeopardize the whole American crypto sector beyond repair. The controversial rule would require that “brokers” of transactions in digital assets—i.e., cryptocurrencies—report their customers to the Internal Revenue Service so they can be taxed.
The crypto crowd griped that the bill’s definition of “broker” was so broad it would potentially encompass miners, validators, and developers of decentralized applications—all of which, while playing pivotal roles in the functioning of a blockchain ecosystem, have no way of identifying their anonymous users.
Initially, it had looked like the bill’s language might be tweaked to exempt those categories, as a trio of senators put forth an amendment clarifying the “broker” term. Then a White House-backed amendment appeared, pushing for a less lenient clarification, exempting proof-of-work miners—which use an energy-intensive process to secure blockchains such as Bitcoin or Ethereum—but not many other categories, such as proof-of-stake validators, which carry out the same function without the energy burning. Just as a compromise position was being worked out, the Senate decided to pass the bill unamended. Any change will have to happen at a later stage—and it likely will, given the patent unenforceability of the bill as is.
On the face of it, it’s a drubbing for American crypto. But the narrative that has been doing the rounds is quite different: The infrastructure bill is a watershed moment in the history of cryptocurrency. The technology—at its core a crypto-anarchist, anti-bank, borderline anti-government manifesto disguised as code—has finally acquired that great marker of prestige: a lobby. The fact that some senators were ready to fight in crypto’s corner appears to show that the cryptocurrency industry is more than a gaggle of Twitter accounts and some blue-sky venture capitalists. Whatever the reason, it has influence, and—after the infrastructure bill saga—it will be ready to wield it even more deftly.
“We’re seeing the formalization, the maturing, of the crypto lobby, and this was the first coordinated effort that brought that to bear,” says Alex Brammer, vice president of business development at Luxor Tech, a bitcoin mining company. “Organizations like the Blockchain Association, the Texas Blockchain Council, or the Chamber of Digital Commerce are certainly going to continue their work.”
Cryptocurrency is usually, and lazily, described as a Wild West, but as a matter of fact the established businesses operating in the sector—from big mining enterprises to Wall Street–listed giants such as Coinbase—tend to crave regulation to define the boundaries of what is acceptable and what might get them into trouble. “Sophisticated players in this space welcome intelligent regulation. It provides clarity and predictability for large operations,” Brammer says. “It provides a set of rules of the road that allow large, publicly traded companies to make sure that they’re doing everything they can to be as viable and as profitable as possible going forward.”
But where does that leave the smaller, less established, less corporate players? Bitcoin—an asset owned and lionized by billionaires such as Mark Cuban and Elon Musk—has been growing since 2009 into an industry that carries heft and brand recognition. (Even Ted Cruz is waxing lyrical about it).
The much-contested amendment approved by the White House would have saved bitcoin while throwing much of crypto under the bus. Granted, when that plan emerged, the crypto lobby—or, at least, crypto-Twitter—rose as one against it. Jerry Brito, executive director of cryptocurrency trade group Coin Center thundered against the Senate’s attempt to pick “winners and losers,” while venture capitalist and crypto-ideologue Balaji Srinivasan said that the amendment would eventually open the door to a full-blown bitcoin ban. But it is worth wondering whether, in the long run, a rift might open between a Big Crypto clamoring for clear regulation to achieve peace of mind and the smaller actors of the cryptocurrency community, who might be less well equipped to meet the requirements that regulation would impose.
Not all data breaches are created equal. None of them are good, but they do come in varying degrees of bad. And given how regularly they happen, it’s understandable that you may have become inured to the news. Still, a T-Mobile breach that hackers claim involved the data of 100 million people deserves your attention, especially if you’re a customer of the “un-carrier.”
As first reported by Motherboard on Sunday, someone on the dark web claims to have obtained the data of 100 million from T-Mobile’s servers and is selling a portion of it on an underground forum for 6 bitcoin, about $280,000. The trove includes not only names, phone numbers, and physical addresses but also more sensitive data like social security numbers, driver’s license information, and IMEI numbers, unique identifiers tied to each mobile device. Motherboard confirmed that samples of the data “contained accurate information on T-Mobile customers.”
A lot of that information is already widely available, even the social security numbers, which can be found on any number of public records sites. There’s also the reality that most people’s data has been leaked at some point or another. But the apparent T-Mobile breach offers potential buyers a blend of data that could be used to great effect, and not in ways you might automatically assume.
“This is ripe for using the phone numbers and names to send out SMS-based phishing messages that are crafted in a way that’s a little bit more believable,” says Crane Hassold, director of threat intelligence at email security company Abnormal Security. “That’s the first thing that I thought of, looking at this.”
Yes, names and phone numbers are relatively easy to find. But a database that ties those two together, along with identifying someone’s carrier and fixed address, makes it much easier to convince someone to click on a link that advertises, say, a special offer or upgrade for T-Mobile customers. And to do so en masse.
The same is true for identity theft. Again, a lot of the T-Mobile data is out there already in various forms across various breaches. But having it centralized streamlines the process for criminals—or for someone with a grudge, or a specific high-value victim in mind, says Abigail Showman, team lead at risk intelligence firm Flashpoint.
And while names and addresses may be fairly common grist at this point, International Mobile Equipment Identity numbers are not. Because each IMEI number is tied to a specific customer’s phone, knowing it could help in a so-called SIM-swap attack. “This could lead to account takeover concerns,” Showman says, “since threat actors could gain access to two-factor authentication or one-time passwords tied to other accounts—such as email, banking, or any other account employing advanced authentication security feature—using a victim’s phone number.”
That’s not a hypothetical concern; SIM-swap attacks have run rampant over the past several years, and a previous breach, which T-Mobile disclosed in February, was used specifically to execute them.
T-Mobile confirmed on Monday that a breach had occurred but not whether customer data had been compromised. “We have been working around the clock to investigate claims being made that T-Mobile data may have been illegally accessed,” the company said in an emailed statement. “We have determined that unauthorized access to some T-Mobile data occurred, however we have not yet determined that there is any personal customer data involved. We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed.”