Back in 2011, Microsoft officially filed an antitrust complaint against Google in the EU. At the time, we noted how silly this was, given that the company itself had spent years battling EU antitrust regulations. It almost felt like a "well, if we had to go through that hellish process, let's put it on Google too..." kind of thing. Within less than a year, Google filed its own antitrust complaint back against Microsoft. As we noted at the time, both claims seemed kind of ridiculous and overblown -- and it bothered us greatly that these companies were resorting to stupid political games, rather than just competing in the market.
It had always been obvious and well-known that both groups were Microsoft front groups, and now it's official... and over. According to Re/code:
“Microsoft has agreed to withdraw its regulatory complaints against Google, reflecting our changing legal priorities,” a Microsoft representative said in a statement to Re/code. “We will continue to focus on competing vigorously for business and for customers.”
Google, meanwhile, offered up a similar statement, affirming that it too will withdraw any regulatory complaints it has made. “Our companies compete vigorously, but we want to do so on the merits of our products, not in legal proceedings.”
Of course they could have, and should have, done that five years ago, rather than going through this wasteful process for all involved. The Re/code report suggests a big reason for the shift is the new leadership atop both Google and Microsoft, leading to less animosity and a willingness to work together in some areas and compete directly in the market. It was disappointing that the two ever bothered to focus on trying to dump bureaucratic nightmares on each other in the first place, so it's good that that part is over. However, the antitrust investigations and potential outcomes won't stop just because the companies have stopped supporting them. Once those launched, they'll keep on going.
News Corp is concerned Google reinforces its dominance in general search by “scraping” or copying content from publishers to display the results of news articles, according to the person. News Corp alleges that if the publisher doesn’t want the content to be copied, Google doesn’t show the articles in the results at all, the person said.
That News Corp hates Google is well known. The company's CEO, Robert Thomson, has a history of barely comprehensible anti-Google rants, based on a confused (i.e. wrong) understanding of how the internet works. Thomson keeps claiming that Google is "stealing" News Corp content by linking people to it and sending the company traffic.
And, again, that seems to be the basis of the complaint here as well. It's difficult to parse what the complaint even means. News Corp "is concerned Google reinforces its dominance in general search by “scraping” or copying content from publishers to display the results of news articles...." Huh? Google indexes the web. That's what it does. That's how search engines work. Is News Corp trying to argue that indexing the internet is illegal? Really? And the fact that it's built a specialized news service -- how is that a problem?
And then the complaint seems to flip over into a complaint that Google doesn't do enough: "News Corp alleges that if the publisher doesn’t want the content to be copied, Google doesn’t show the articles in the results at all." Um, okay. If you don't want Google to index your content, then how can it show the articles in the results? It doesn't have the information to do so.
So what is News Corp's complaint here? First it's that Google indexes their content... and then they complain that if Google doesn't index their content, they won't show up in search results. This makes no sense at all.
Of course, that's because we know what the real complaint here is: News Corp wants Google to give it money. Whatever you might think of the EU's antitrust case against Google in other areas, this argument seems particularly ridiculous and just seems like Thomson and Rupert Murdoch's sour grapes over the fact that Google is a successful company.
This was widely expected, but the EU Commission, led by Competition Commissioner Margrethe Vestager, has officially announced that it's going after Google over some of its practices concerning Android. This comes just a day after Canadian antitrust officials went in the other direction, finding no evidence that Google's activities stifle competition. The EU has a few specific concerns about Android:
The Commission's preliminary view is that Google has implemented a strategy on mobile devices to preserve and strengthen its dominance in general internet search. First, the practices mean that Google Search is pre-installed and set as the default, or exclusive, search service on most Android devices sold in Europe. Second, the practices appear to close off ways for rival search engines to access the market, via competing mobile browsers and operating systems. In addition, they also seem to harm consumers by stifling competition and restricting innovation in the wider mobile space.
I definitely worry about monopolistic practices by incumbent players crowding out startups and innovation, so I was keen to dig in on the details here, but they seem oddly... lacking. I've noted in the past that the EU tends to view antitrust through a fairly different lens than the US does, and perhaps that's the issue here. This is a broad generalization, but for the most part, the US focuses on whether or not practices harm consumers. The EU tends to focus on whether or not a company is really big. I think the US standard makes a lot more sense.
Let's dig in to the specific complaints raised by the EU, saying each of these practices violated antitrust laws:
requiring manufacturers to pre-install Google Search and Google's Chrome browser and requiring them to set Google Search as default search service on their devices, as a condition to license certain Google proprietary apps;
Many people have compared this to the case against Microsoft from the early 2000s, in which it got dinged for making Internet Explorer the default. Of course, a quick retort on that is: where is Internet Explorer in the browser market today? It's basically a non-entity, and it wasn't because of any antitrust penalties (which were basically wrist slaps). And, either way it appears that the issue here with Google is that it requires all of its core services to be bundled together: so if you want to offer the Google Play Store, then you have to also offer the other pieces of the Google app suite so that they work well together. But, of course, this also doesn't stop phone makers or service providers from adding their own apps as well. I now have a bloat-free Android phone running Cyanogenmod, but back when I had a Samsung S4 on Sprint, it came with a ton of bloatware from both Samsung and Sprint (and, frankly, all of it was useless and annoying).
Perhaps there's an issue with making Google search the default, but is anyone actually harmed by having Google's search as the (easily changed) default on an Android phone? It certainly seems like Apple's iOS ecosystem is a lot more restrictive. At least with Google you can route around Google's app store and sideload apps easily or use alternative app stores. I frequently use Amazon's app store, for example.
preventing manufacturers from selling smart mobile devices running on competing operating systems based on the Android open source code;
This is the one prong (out of three) that at least seems worth investigating more. I can understand Google's position -- that if you're offering Google's suite of apps, you need to offer Google's version of Android to make sure everything works together well -- but this seems like an unnecessary condition for Google to include in those agreements. The simple fact is that most manufacturers are likely to want to go with a stock Android anyway, and just pile on their own customizations and bloatware. In most cases, there isn't going to be that much desire for manufacturers to use an Android fork. But, if they do... so what? I don't really understand why Google prevents manufacturers from choosing to offer different flavors of Android, but I'm also not sure that this is an antitrust issue.
giving financial incentives to manufacturers and mobile network operators on condition that they exclusively pre-install Google Search on their devices.
This one probably confuses me the most. This is just a business deal for installing software on phones. For years, Google paid Mozilla to be its default search in Firefox, and then Yahoo outbid it to become the default. That's how business works. Google isn't leveraging its market position here -- it's just doing a deal. The EU claims that its issue is "not with financial incentives in general but with the conditions associated with Google's financial incentives, in particular with the condition that the financial incentive is not paid if any other search provider than Google Search is pre-installed on smart mobile devices." But... isn't that the nature of the deal? If you're doing a business deal to be the exclusive search provider, then, shouldn't you be the exclusive search provider?
It will obviously be worth watching how all of this plays out. The EU has made it clear for a while that it has it in for Google, so if I had to predict, this process won't go well for Google.
Frankly, if I were Google, I probably would have dropped a lot of the exclusivity requirements. I know they're in a race to see who will get access to the most data, but let the apps and services compete and see who wins out. Google's app ecosystem does well because it tends to be pretty good. Google could have avoided at least some of this fight by just trusting its own services to win out, rather than pushing for certain defaults and exclusivities. Some others have made this point as well:
I'm pretty sure Google can survive and come out the winner. The best of its products -- that ones that have the most users -- are excellent. People won't stop using Google Maps just because it isn't preinstalled on their phones. It's among the top 10 most downloaded applications in Apple's App Store because iPhone users often prefer it to Apple's own map software. Chrome is in the top 100 most downloaded apps even though it's impossible to change the default browser in iOS from Apple's Safari without "jailbreaking" the device to untether it from Apple support.
Google's search engine, too, wouldn't be dominant if it didn't index more pages than competitors and produce better results. YouTube is a must-have app, while Google's cloud office services are free, unlike, say, Microsoft's, and they work just as well.
These are great, competitive products. They don't really need the extra push from restrictive deals between Google and phone manufacturers. Google's brand name is strong with those who buy Android phones, and, given a choice, they are likely to prefer Google products rather than spend time researching alternatives. The company may need to spend a bit more on advertising its products in a free-choice situation, but that won't break the bank because the apps are already hugely popular.
But what Google should do, and what the EU should force it to do, are different questions. I'd much prefer that Google take a more open approach to these things, but I'm not convinced that we want bureaucrats deciding for the company exactly what Google's approach on the mobile phone should be.
When you testify before Congress, it helps to actually have some knowledge of what you're talking about. On Tuesday, the House Energy & Commerce Committee held the latest congressional hearing on the whole silly encryption fight, entitled Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives. And, indeed, they did have witnesses presenting "industry" and "law enforcement" views, but for unclear reasons decided to separate them. First up were three "law enforcement" panelists, who were free to say whatever the hell they wanted with no one pointing out that they were spewing pure bullshit. You can watch the whole thing below (while it says it's 4 hours, it doesn't actually start until about 45 minutes in):
Lots of craziness was stated -- starting with the idea pushed by both chief of intelligence for the NYPD, Thomas Galati and the commander of the office of intelligence for the Indiana State Police, Charles Cohen -- that the way to deal with non-US or open source encryption was just to ban it from app stores. This is a real suggestion that was just made before Congress by two (?!?) separate law enforcement officials. Rep. Morgan Griffith rightly pointed out that so many encryption products couldn't possibly be regulated by US law, and asked the panelists what to do about it. You can watch the exchange here:
You see Cohen ridiculously claim that since Apple and Google are gatekeepers to apps, that the government could just ban foreign encryption apps from being in the app stores:
Right now Google and Apple act as the gatekeepers for most of those encrypted apps, meaning if the app is not available on the App Store for an iOS device, if the app is not available on Google Play for an Android device, a customer of the United States cannot install it. So while some of the encrypted apps, like Telegram, are based outside the United States, US companies act as gatekeepers as to whether those apps are accessible here in the United States to be used.
This is just wrong. It's ignorant and clueless and for a law enforcement official -- let alone one who is apparently the "commander of the office of intelligence" -- to not know that this is wrong is just astounding. Yes, on Apple phones it's more difficult to get apps onto a phone, but it's not impossible. On Android, however, it's easy. There are tons of alternative app stores, and part of the promise of the Android ecosystem is that you're not locked into Google's own app store. And, really, is Cohen literally saying that Apple and Google should be told they cannot allow Telegram -- one of the most popular apps in the world -- in their app stores? Really?
Galati then agreed with him and piled on with more ignorance:
I agree with what the Captain said. Certain apps are not available on all devices. So if the companies that are outside the United States can't comply with same rules and regulations of the ones that are in the United States, then they shouldn't be available on the app stores. For example, you can't get every app on a Blackberry that you can on an Android or a Google.
Leaving aside the fact he said "Android or a Google" (and just assuming he meant iPhone for one of those)... what?!? The reason you can't get every app on a BlackBerry that's on other devices has nothing to do with any of this at all. It's because the market for BlackBerry devices is tiny, so developers don't develop for the BlackBerry ecosystem (and, of course, some BlackBerries now use Android anyway, so...). That comment by Galati makes no sense at all. Using the fact that fewer developers develop for BlackBerry says nothing about blocking foreign encryption apps from Android or iOS ecosystems. It makes no sense.
Why are these people testifying before Congress when they don't appear to know what they're talking about?
Later in the hearing, when questioned by Rep. Paul Tonko about how other countries (especially authoritarian regimes) might view a US law demanding backdoors as an opportunity to demand the same levels of access, Cohen speculated ridiculously, wildly and falsely that he'd heard that Apple gave China its source code:
Here's what Cohen says:
In preparing for the testimony, I saw several news stories that said that Apple provided the source code for iOS to China, as an example. I don't know whether those stories are true or not.
Yeah, because they're not. He then goes on to say that Apple has never said under oath whether or not that's true -- except, just a little while later, on the second panel, Apple's General Counsel Bruce Sewell made it quite clear that they have never given China its source code. Either way, Cohen follows it up by saying that Apple won't give US law enforcement its source code, as if to imply that Apple is somehow more willing to help the Chinese government hack into phones than the US government. Again, this is just blatant false propaganda. And yet here is someone testifying before Congress and claiming that it might be true.
Thankfully, at the end of the hearing, Rep. Anna Eshoo -- who isn't even a member of the subcommittee holding the hearing (though she is a top member of the larger committee) joined in and quizzed Cohen about his bizarre claims:
She notes that it's a huge allegation to make without any factual evidence, and asks if he has anything to go on beyond just general "news reports." Not surprisingly, he does not.
Elsewhere in the hearing, Cohen also insists that a dual key solution would work. He says this with 100% confidence -- that if Apple and law enforcement had a shared key it would be "just like a safety deposit box." Of course, this is also just wrong. As has been shown for decades, when you set up a two key solution, you're introducing vulnerabilities into the system that almost certainly let in others as well.
And then, after that, Rep. Jerry McNerney raises the point -- highlighted by many others in the past -- that rather than "going dark," law enforcement is in the golden age of surveillance and investigation thanks to more and new information, including that provided by mobile phones (such as location data, metadata on contacts and more). Cohen, somewhat astoundingly, claims he can't think of any new information that's now available thanks to mobile phones:
Sir, I'm having problems thinking of an example of information that's available now that was not before. From my perspective, thinking through investigations that we previously had information for, when you combine the encryption issue along with shorter and shorter retention periods, in a service provider, meaning they're keeping their records, for both data and metadata, for a shorter period of time, available to legal process. I'm having difficulty finding an example of an avenue that was not available before.
Huh?!? He can't think of things like location info from mobile phones? He can't think of things like metadata and data around unencrypted texts? He can't think of things like unencrypted and available information from apps? Then why is he on this panel? And the issue of data retention? Was he just told before the hearing to make a point to push for mandatory data retention and decided to throw in a nod to it here?
At least Galati, who went after him, was willing to admit that tech has provided a lot more information than in the past -- but then claimed that encryption was "eliminating those gains."
Cohen is really the clown at the show here. He also claims that Apple somehow decided to throw away its key and that it was "solving a problem that doesn't exist" in adding encryption:
There he's being asked by Rep. Yvette Clarke if he sees any technical solutions to the encryption issue, and he says:
The solution that we had in place previously, in which Apple did hold a key. And as Chief Galati mentioned, that was never compromised. So they could comply with a proper service of legal process. Essentially, what happened is that Apple solved a problem that does not exist.
Again, this is astoundingly ignorant. The problem before was that there was no key. It wasn't that Apple had the key, it's that the data was readily available to anyone who had access to the phone. That put everyone's information at risk. It's why there was so much concern about stolen phones and why stolen phones were so valuable. For a law enforcement official to not realize that and not think it was a real problem is... astounding. And, again, raises the question of why this guy is testifying before Congress.
It also raises the question of why Congress put him on a panel with no experts around to correct his many, many errors. At the very least, towards the beginning of the second panel, Apple GC Sewell explained how Cohen was just flat out wrong on these points:
If you can't see that, after his prepared remarks, Sewell directly addresses Cohen's claims:
That's where I was going to conclude my comments. But I think I owe it to this committee to add one additional thought. And I want to be very clear on this: We have not provided source code to the Chinese government. We did not have a key 19 months ago that we threw away. We have not announced that we are going to apply passcode encryption to the next generation iCloud. I just want to be very clear on that because we heard three allegations. Those allegations have no merit.
A few minutes later, he's asked directly about this and whether or not the Chinese had asked for the source code, and Sewell says that, yes, the Chinese have asked, and Apple has refused to give it to them:
Seems like they could have killed 3 hours of ignorant arguments presented to Congress, if they had just not allowed such ignorance to be spewed earlier on.
Yesterday we wrote about the fairly unsurprising, but still good, news that the Supreme Court had rejected an attempted appeal by the Authors Guild of the really excellent fair use decision by the 2nd Circuit appeals court over whether or not Google scanning books to build a giant, searchable index was fair use.
“Blinded by the public benefit arguments, the Second Circuit’s ruling tells us that Google, not authors, deserves to profit from the digitization of their books,” said Mary Rasenberger, executive director of the Authors Guild.
Did you get that? The Authors Guild is so completely out of touch that it actually thinks that "public benefit arguments" have no place in copyright disputes, despite the very fact that the Constitutional underpinnings of copyright law is to maximize the public's benefit. And, of course, this all ignores the fact that the vast, vast majority of authors greatly benefit from such a searchable index in that it drives more sales of books.
But, on with the hyperbole:
“Today authors suffered a colossal loss,” said Authors Guild president Roxana Robinson. “We filed the class action lawsuit against Google in September 2005 because, as we stated then, ‘Google’s taking was a plain and brazen violation of copyright law.’ We believed then and we believe now that authors should be compensated when their work is copied for commercial purposes.”
What you believe, and what the law says, are different. And that was the case back in 2005 when you filed the suit just like many of us said at the time.
“The price of this short-term public benefit may well be the future vitality of American culture,” continued Rasenberger. “Authors are already among the most poorly paid workers in America; if tomorrow’s authors cannot make a living from their work, only the independently wealthy or the subsidized will be able to pursue a career in writing, and America’s intellectual and artistic soul will be impoverished.”
This is ridiculous on so many levels. First, most authors cannot make a living today because most books don't sell. That's not the fault of Google Books. In fact, as noted time and time again, Google Books acts as a discovery mechanism for many books and increases sales (I've bought dozens of books thanks to finding them via Google Book Search). Second, the gloom and doom predictions of legacy industries over new technologies is time-worn and has never been even remotely correct.
What Rasenberger leaves out of her ignorant whine is the fact that in the time that Google Books has existed, the number of authors has increased massively. No, they're not all making a living, but the purpose of copyright law is to incentivize the creation of new works for the public, and the public is getting an astounding amount of new works -- a totally unprecedented amount of new works actually -- and it's got nothing to do with anything the Authors Guild has done.
And, of course, the Authors Guild still won't give up, promising to fight this issue in other courts, hoping to get a circuit split that the Supreme Court will review:
Following the Supreme Court’s order, the Guild vowed to remain vigilant to ensure that the Second Circuit’s ruling is not taken as carte blanche for unfettered digitization of books. “The Second Circuit decision took pains to highlight that fair use was found based on the strict display restrictions and security measures currently employed by Google,” said Authors Guild general counsel Jan Constantine. “We’ll continue to monitor Google and its library partners to ensure these standards are met, as we will take appropriate action to ensure that fair use isn’t abused.”
To ensure that fair use isn't abused? Lovely people at the Authors Guild who outright declare themselves against public benefit, and then worry about the "expansion" and "abuse" of fair use. Does no one at the Authors Guild recognize that their authors are protected by fair use as well and many of them rely on it all the time? Who would ever join such a backwards looking and thinking organization?
Last fall, the 2nd Circuit appeals court gave a clear and convincing win to Google in the long-running Authors Guild case against Google's book scanning program. And, really, the decision was a massive win for the public, in that it was a strong defense of fair use (even in commercial settings). But, of course, the still clueless Authors Guild -- which doesn't seem to actually represent the interests of most authors (many of whom have found Google Books to be a profoundly useful tool) -- decided to ask the Supreme Court to overturn the case.
If you can't read that, it just says that the petition for cert is denied and that Justice Kagan "took no part in the consideration." I'm not exactly sure why Kagan abstained -- I thought perhaps she had weighed in on earlier rounds of the case as Solicitor General, but can't find anything.
Either way, this is a very good thing. The excellent 2nd Circuit ruling stands. And while it technically only applies to cases in that circuit, it will most likely influence cases elsewhere. Also, the Supreme Court has a long, and unfortunate, history of coming up with nutty decisions in big copyright cases.
We've been quite concerned about new internet regulations on the way from the EU, with a focus on how internet platforms must act. As we've noted, the effort is officially part of the (reasonable and good!) idea of making a "Digital Single Market," but where the process is being used by some who think it's an opportunity to attack the big internet companies (mainly Google and Facebook). There are two EU Commissioners heading up the effort, and one, Gunther Oettinger, has been fairly explicit that he'd like to burden American internet firms with regulations to "replace" them with European equivalents. Of course, as we've noted, when you have giant companies like Google and Facebook, they can pretty much handle whatever regulatory burden you throw at them. It's the innovators and the startups that will be shut out because they won't be able to manage it. So, ironically, in trying to hold back Google and Facebook with regulations, the EU would really only entrench them as the only players able to handle those regulations.
The other EU Commissioner deeply involved with this process is Andrus Ansip, who is generally seen as more reasonable on internet and technology issues. He actually seems to understand many of the trade offs at play. So it was mostly good to see him make some comments recognizing that across-the-board regulations may have negative consequences:
European Commission Vice-President Andrus Ansip, who is overseeing a wide-ranging inquiry into how web platforms conduct their business, said on Friday the EU executive would not take a horizontal approach to regulating online services.
"We will take a problem-driven approach," Ansip said. "It's practically impossible to regulate all the platforms with one really good single solution."
Andrus Ansip, who is overseeing an overhaul of the bloc’s copyright rules, said the YouTube’s comparatively small payments to artists gave it an unfair advantage over rivals such as Spotify, the Swedish streaming service.
“This is not only about rights owners and creators and their remuneration — it is also about a level playing field between different service providers,” said the former prime minister of Estonia. “Platforms based on subscriptions are remunerating those authors; others service providers do not. How can they compete?”
Different services have different business models and offer different features and benefits. That's how competition and innovation work. What if it's Spotify's model that is the problematic and unsustainable one? Why is the EU choosing one particular business model over another and suggesting that all business models should work the same way?
Now, I know that there have been lots of complaints about how much YouTube pays -- just as there have been lots of complaints about how much Spotify pays. And I'm not sure how telling these companies how they have to run their business fixes any of that. Because, at the same time, I know of artists who say that they've only become successful because of YouTube or because of Spotify. They're pretty happy with how those systems work. Why should the EU government suddenly come in and say "this model is okay -- this model is not"?
Mandating business models and worrying that one business decision makes it more difficult to compete -- and thinking that's a regulatory issue -- doesn't seem like a good way to encourage startups and innovation in Europe. It sounds like a massive headache for any platform -- especially smaller ones -- operating in Europe.
From net neutrality to municipal broadband, to new broadband privacy rules and a quest to open up the cable set top box to competition, we've noted repeatedly that the FCC under Tom Wheeler isn't the same FCC we've learned to grumble about over the years. For a twenty-year stretch, regardless of party control, the agency was utterly, dismally apathetic to the lack of competition in the broadband space. But under Wheeler, the FCC has not only made broadband competition a priority, but has engaged in other bizarre, uncharacteristic behaviors -- like using actual real-world data to influence policy decisions.
Obviously, this doesn't please incumbent telecom operators like AT&T, Verizon and Comcast, who grew pretty comfortable with an FCC that asked "how high" when commanded to jump. The reality is that this is just what it looks like when a regulator does its job and tries to fix a very broken market. But incapable of admitting the broadband market's horribly broken, the telecom industry instead seems intent on pointing fingers elsewhere. In a strange story over at Politico, broadband providers blame Google for absolutely everything the FCC has been up to.
The quest to open the set top box, the quest for more unlicensed spectrum, and the quest for better consumer privacy controls? All the fault of Alphabet and Google:
The cable industry-led Future of TV Coalition earlier this year suggested Google had "a sneak preview" of the FCC’s February plan to open up the set-top box market to new competitors. The move would require pay-TV companies to make their content streams available to third parties that want to build and sell their own boxes — a move that cable firms say is designed to benefit Google, which has already demonstrated a prototype cable box to regulators.
AT&T, meanwhile, has charged that the agency is placing its "thumb on the scale" in favor of Google via Wheeler's March proposal to impose strict privacy rules on broadband companies. The plan, according to AT&T and others, would put telecom firms at a disadvantage compared with Internet companies like Google, which wouldn't fall under the FCC rules. Internet firms' privacy practices are policed by the Federal Trade Commission, which is seen as less prescriptive.
On another front, the National Association of Broadcasters argued that Google led a behind-the-scenes push at the FCC to set aside more unlicensed airwaves — something that could boost Wi-Fi networks that support the company's products and services. NAB says this FCC set-aside allows Google to avoid having to pay for spectrum during the FCC's current incentive auction.
The telecom industry taking pot shots at Google is certainly nothing new; in fact the net neutrality debate basically began in 2005 when then AT&T CEO Ed Whitacre proudly proclaimed that Google wouldn't be able to "ride his pipes for free." Traditionally though, the telecom industry has used third-party consultants, think tanks, and other policy tendrils to hurl strange attacks at Google. These new, more direct attacks are a sign of increased desperation.
This desperation originates with two things, one of them being Google Fiber. Though admittedly still limited in reach, Google Fiber has managed to light a fire under the apathetic posteriors of telecom giants that previously had little to no impetus to upgrade networks. It has managed to generate a national conversation about the sorry state of broadband competition, and even managed to illuminate the telecom sector's love of state protectionist laws that prevent community broadband and even public/private partnerships. In short, the broadband industry's mostly just pissed that they're now facing some competition (which is why they've resorted to lawsuits to slow Google Fiber's expansion).
The other thing on telecom executives' minds is the fact that with the broadband market saturated, they're turning to advertising and content to try and attain quarterly growth. That's why Verizon's been gobbling up companies like AOL and blowing kisses at Millennials in a quest to magically become the new Facebook or Google. But these ISPs face new neutrality and privacy regulations that Google doesn't have to worry about, solely because there's no competition in the broadband space (read: you have a choice in search engines, but often not in ISPs). This lack of competition isn't Google's fault. It's the fault of the carriers themselves and generations of lobbying.
The telecom industry has invited the wrath of regulators for years with a laundry list of bad behavior. The FCC's privacy rules weren't driven by Google, they were driven by Verizon's decision to use stealth cookies users couldn't opt out of to covertly track customers around the Internet. Net neutrality wasn't created by Google, it was created thanks to AT&T threatening to charge Google a "just because we can" toll. And while Google has lobbied to open up the cable set top box to competition, this idea is actually more than a decade old, driven primarily by the fact that the industry enjoys $20 billion in captive revenue thanks to absolutely no serious cable set top hardware competition whatsoever.
Yes, Google and Alphabet have become lobbying behemoths since Google first started ramping up its lobbying apparatus around 2007. And yes, like any large company, Google spends a good amount of its time lobbying to saddle the other guy with additional regulations -- something that will only increase as the company inevitably shifts from innovation to turf protection. And we've already started to witness this turn; most notably in the way Google turned its back on net neutrality in the States and abroad the last few years.
A saint Google isn't, but to suggest that the FCC is suddenly doing its job entirely because of Google lobbying borders on the comical, especially coming from an industry that has had its lobbying talons deep in the federal government for more than a generation. It's much the same way that ISPs and their loyal politicians have taken to attacking Netflix for daring to criticize usage caps and standing up for net neutrality. It's snide hubris from a sector that can't come to terms with the fact that a generation of telecom regulatory capture is finally starting to crumble. Instead of adapting to shifting markets, the telecom sector would rather blame "big tech" for a firestorm of regulatory activity it brought down upon itself.
TL;DR: short URLs produced by bit.ly, goo.gl, and similar services are so short that they can be scanned by brute force. Our scan discovered a large number of Microsoft OneDrive accounts with private documents. Many of these accounts are unlocked and allow anyone to inject malware that will be automatically downloaded to users’ devices. We also discovered many driving directions that reveal sensitive information for identifiable individuals, including their visits to specialized medical facilities, prisons, and adult establishments.
The Freedom to Tinker Foundation has just released a study it compiled over the last 18 months -- one in which it scanned thousands of shortened URLs and discovered what they unintentionally revealed. Microsoft's OneDrive -- which uses link-shortening -- could be made to reveal documents uploaders never intended to share with the public. Worse, Freedom to Tinker discovered a small percentage of brute-forced URLs linked to documents with "write" privileges enabled.
Around 7% of the OneDrive folders discovered in this fashion allow writing. This means that anyone who randomly scans bit.ly URLs will find thousands of unlocked OneDrive folders and can modify existing files in them or upload arbitrary content, potentially including malware.
And, because Microsoft's automatic virus/malware scanning for OneDrive contents is less than robust, it wouldn't take much for any random person to wreak havoc on any number of devices with access to those contents.
OneDrive “synchronizes” account contents across the user’s OneDrive clients. Therefore, the injected malware will be automatically downloaded to all of the user’s machines and devices running OneDrive.
Fortunately for OneDrive users, the scanning method deployed by FTTF no longer works as of March 2016. But this doesn't necessarily mean the accounts are completely secure -- just that one avenue for attack/access has been closed.
Just as disturbing -- but for different reasons -- is the automatic link shortening tied to Google Maps. The links could be manipulated to discover all sorts of inferential information about people's private activities… or at least the activities they never thought they were sharing with the world. The directions and searches uncovered by FTTF's scanning activity potentially reveal plenty of sensitive information about Google Maps users.
Our sample random scan of these URLs yielded 23,965,718 live links, of which 10% were for maps with driving directions. These include directions to and from many sensitive locations: clinics for specific diseases (including cancer and mental diseases), addiction treatment centers, abortion providers, correctional and juvenile detention facilities, payday and car-title lenders, gentlemen’s clubs, etc. The endpoints of driving directions often contain enough information (e.g., addresses of single-family residences) to uniquely identify the individuals who requested the directions. For instance, when analyzing one such endpoint, we uncovered the address, full name, and age of a young woman who shared directions to a planned parenthood facility.
The same privacy concerns associated with the indiscriminate use of automatic license plate readers by law enforcement and warrantless access to cell site location info are present here: the reconstruction of people's lives via the "tracking" of their movements. In this case, however, the information generated is more "voluntary" than either of the other listed collections, which are far more passive than searching for directions using a web service provided by a company with an unquenchable thirst for data.
The good news is that the method deployed for the report no longer works for Google Maps-shortened links. But, once again, that does not mean the problems with link shorteners have been eliminated. FTTF points out that the March 2016 change by Microsoft (which claims it had nothing to do with FTTF reporting the vulnerability to it) only affects links generated after that date. Any previous short URLs are still vulnerable to traversal scans.
Google, however, did make a more of a serious attempt to prevent abuse of its shortened links.
All newly generated goo.gl/maps URLs have 11- or 12-character tokens, and Google deployed defenses to limit the scanning of the existing URLs.
While this news should be of concern to users of these services, it definitely has to be great news for law enforcement and intelligence agencies. So much for "going dark." Vulnerabilities in web services apparently provide access to otherwise "locked" cloud storage contents and Google Maps -- at least until it was fixed -- generating tons of location data for the taking.
It's also worth pointing out that the method used by Freedom to Tinker to complile this report is basically the same method used by Andrew "Weev" Auernheimer to expose AT&T users' email addresses: altering URLs to uncover data presumed to be hidden. Of course, AT&T's vindictiveness resulted in a 3.5 year prison sentence for Auernheimer. No legal threats have been made towards FTTF, but the sad thing is that security research is inherently risky, as you can never tell whether the entity affected will respond with a bug fix or a police report -- not until after they've been informed.