All posts by Paul Stradling

News

Tech News : Proposed Ban For Mass Facial Recognition & ‘Predictive’ Policing

The European Parliament has adopted a resolution calling for a ban on the use of AI-based predictive policing systems and the processing of biometric data that leads to mass surveillance.

Areas

The resolution seeks to ban the use of facial recognition technology and AI in several key areas:

– Police use of facial recognition technology in public places.

– Private facial recognition databases (e.g. Clearview AI)

– Predictive policing and social scoring systems.

What Is Clearwater AI?

Clearwater AI is a US-based facial-recognition company started by Australian Hoan Ton-That and a former aide of ex-New York City Mayor Rudy Giuliani. The AI-software system, which is used by hundreds of law enforcement agencies, has been criticised for using a database that includes billions of photos scraped from social media websites (possibly in violation of social media platform rules). Concerns have also been voiced that, like other systems, it may have a racial bias.

What Is Predictive Policing?

So-called ‘predictive policing’ tools use algorithms and historic data to predict where certain types of crime (e.g. burglaries and street violence) are likely to occur and to predict the likelihood of known individuals exhibiting certain behaviours or characteristics in the future.

What Are Social Scoring Systems?

An example of a social scoring system can be found in China where the Chinese Communist Party operate a “social credit system” for individuals and organisations. A person’s/organisation’s social score can move up and down depending on their behaviour. Bad behaviour, for example, could include questionable shopping habits, buying too many video games, bad driving, posting on social media, or smoking in non-smoking zones. It has been reported that bad behaviour online, for example, could lead to the punishment of throttling a person’s Internet speed.

What Happens Now?

The European Parliament resolution gives an overview of the argument and indicates the way that voting may go for what will become the AI Act. It is thought that since the AI Act’s lead negotiator, Brando Benifei, and co-negotiators are known to support a blanket ban on facial recognition, there is a strong chance that AI in criminal law and its usage by the police and judicial authorities in criminal matters will have bans and regulations in place soon in the EU.

What Does This Mean For Your Business?

The case for AI-based facial recognition systems being used in mass surveillance and predictive policing is supposed to help tackle crime in an intelligent, targeted way. The reality (to date) however, has been cases of misidentification, examples of racial bias, strong resistance from freedom groups on matters of privacy, questions about value for money, and questions about ethics. Also, there is a strong feeling that the use and rollout of this technology has happened before the issues have been studied properly and legislation/regulations put in place to offer protection to citizens. Allegations about how Clearwater AI’s database was scraped from social media, as well as worries about the idea of predictive policing and big brother-like social-scoring-systems have all been factors in prompting the need to slow things down and get some rules in place.

News

Tech News : What’s Going On With Facebook?

After experiencing two outages in a week, one lasting more than six hours, and a whistleblower at a Senate Committee hearing alleging potentially harmful effects from Facebook’s algorithms, some are asking ‘what’s going on with Facebook?’

Whistleblower

Recently identified former Facebook employee turned whistleblower, Frances Haugen, was found to be behind a series of leaks reported in the US Wall Street Journal alleging that Facebook has been putting profit over safety. She added to the points made in the articles by alleging in a recent appearance on popular US TV programme ’60 Minutes’ that there were conflicts of interest between what was good for the public and what was good for Facebook.

Allegations

The other reported allegations made by Frances Haugen in newspaper reports and allegations made in the TV interview (which remain unproven) are that Facebook:

– Knew that Instagram was worsening body image issues among teenagers and had a two-tier justice system.

– Uses engagement-based ranking algorithms (in Instagram) knowing that these algorithms can’t adequately identify dangerous content and may even amplify negative content and help to fuel fan violent rhetoric and ethnic violence.

– Hides most of its own data and when asked directly about how it impacts the health and safety of children, it chooses to mislead and misdirect.

– Failed to act on internal research showing that Instagram had a negative impact on the mental health of teenage girls.

– Has repeatedly chosen to optimise displayed content for its own interests (e.g. making more money).

– Has a lack of accountability that may mean that the company continues to make choices that go against the common good.

– Could be likened to tobacco companies (or driving without a seatbelt) because when governments realise it’s harmful, they will take action.

– Prematurely reinstated old algorithms following Joe Biden’s election win, that may have contributed to the 6 January attack on the Capitol Building(s) (i.e. prioritising growth over safety).

– Uses moderation that is mostly focused on English content (nearly 90 per cent), despite most users being non-English speakers.

Senate Sub Committee

Frances Haugen has appeared and testified before a Senate subcommittee on Capitol Hill, repeating the allegations that she believed that Facebook’s products harm children, stoke division, and weaken the US democracy.

Facebook Says…

It has been reported that last Friday, Facebook’s vice president for policy and global affairs, Nick Clegg, sent a memo to employees outlining what Haugen was likely to say in the 60 minutes program. The company has denied that it encourages bad content and does nothing about it.

Outages

To make matters worse, Facebook has also suffered two damaging outages in a week. The first was a global outage that took down Instagram, WhatsApp, Messenger, and Oculus (virtual reality/3D) and was reportedly caused by the backbone connection between data centres shutting down during routine maintenance, causing the DNS servers to go offline. The second (last Friday) lasted around two hours and affected Instagram feeds and Messenger.

What Does This Mean For Your Business?

The Cambridge Analytica scandal created some huge trust challenges for Facebook, forced them to answer a lot of questions from the government, caused reputational damage, and appeared to make the company work hard and make changes to rebuild trust. Haugen’s allegations, however, (which have been applauded by some as an act of bravery) appear to suggest that this may not be the case and that there are some further significant, meaningful changes to be made in terms of social responsibility and safeguarding issues. Critics, such as Harvard professor and author Shoshana Zuboff, for example, take the view that Haugen’s revelations have shone a light on how big tech companies like Facebook and others operate a kind of surveillance capitalism where our personal experiences are simply used as free raw material for large-scale behavioural data extraction for profit. Facebook and other tech big companies use secret algorithms as part of their daily operations, so total transparency is always going to seem very unlikely. There was also some speculation online that the timing of the outages (when the whistleblower’s allegations were being widely reported) was suspicious but there is no evidence of this. Now that Facebook is so widely used by businesses (Pages, Ads, and WhatsApp particularly), the six-hour outage would have frustrated and annoyed many business customers, thereby generating some more bad publicity among a customer group that is really important to the social media giant. There’s no doubt it’s been an unbelievably bad week for Facebook, bringing to the surface more of the old trust issues, and it is likely that we have some way to go yet before this story returns to the background.

News

Featured Article : Monetising Movement (Your Geo-Data)

In this feature, we take a look at how a multi-billion-dollar market obtains, uses, and sells our location data.

Report

A GVR report estimates that the global location intelligence market was worth USD 12.2 billion in 2020. This market uses our phone/device location data. There are many different interlinked players in this market ecosystem from app companies, collectors, data aggregators, marketplaces, and location intelligence firms, all of whom buy, compile, sell and use our phone location data, ultimately for advertising, analytics, investment strategy, or marketing purposes. The market’s continued growth has been fuelled by factors like the growing penetration of smart devices and portable navigation devices, web-mapping services, as well as the growth of the IoT and the smartphone app market and network infrastructure.

Why and How Is Location Data Collected?

The answers to this question are connected. Examples of some of the main reasons why, and the ways that our location data is collected include:

– Apps are a major source of location data collection. Smartphone apps e.g., those that give directions, weather/meteorological apps (need to give you local weather conditions) need your location data for good reasons i.e., to operate correctly and deliver appropriate results. Also, video-streaming apps need to check user location to decide whether a person is in a country where it’s licensed to stream certain shows. In any case, it is likely that when you install these apps, you will agree to share your location.

– Software Development Kits (SDKs), for example, are tools and code provided by a company to enable and encourage developers to write code for a platform can have built-in location data supply features. For example, Foursquare makes a free SDK which could (potentially) track location through any app that uses it.

What Happens To The Data After Collection?

Apps sell the data to other players in the location intelligence market. This could be anything from third-party companies that specialise in selling location data, or access to it, to advertisers, marketers, and data brokers, other location data providers, and even governments. For example, vox.com (Feb 2021) reported that app trackers secretly sell location data to the government (or/for its agencies) and that Google can’t stop trackers in its apps from selling location data to the (US) government. Examples of where the data is sold after collection by apps includes:

– Data Aggregators, who collect the data from many thousands of different apps, combine it with data from other sources, and sell that data onwards e.g., AdSquare or Cuebiq.

– Data brokers, who buy and sell and sell the data.

– Data analysis companies e.g., Advan Research, who analyse the data and sell it on.

– Location intelligence firms. These specialised companies sell geolocation analyses to bigger corporate clients e.g., hedge funds and venture capital and private equity firms.

What The Data Is Used For?

Our location data (which may have been aggregated and analysed) is used for many different end purposes, and there are many companies in the location intelligence ecosystem involved in making location monitoring capabilities and tools.

Some examples of how our location data may be used include:

– Property firms, hedge funds and retail businesses using the data for their own advertising, analytics, and marketing.

– Advertisers/advertising platforms using the data for targeting ads.

– Market intelligence companies using the data to highlight patterns and trends.

Examples of how location monitoring capabilities and tools are being developed include:

– Grand View Research (GVR) reports that some of the big investors in location intelligence technologies include Google, ESRI, Qualcomm, AT&T, Intel, and Apple. This area of location intelligence is more concerned with integrating real-time location monitoring capabilities in devices (smartphones, vehicles, and aircraft) to allow businesses to improve marketing or optimise business operations.

– Industries such as utility and energy, retail, transportation, telecom, and manufacturing use location intelligence tools to help with management and increase productivity and profitability.

Is It Legal?

In consenting to allow apps to use a person’s location (e.g. for its correct operation), this is legal, although it may be the case that there are a number of other T&Cs, most likely in the privacy policy, that users quickly sign-up to that they may not have the time or inclination to read, but may give a wider scope of consent than they would like.

Although consent may be given to apps for sharing location data, and sharing data for specific related purposes, there are many cases where legal objections have been filed and investigations have taken place into who location has been shared with. For example:

– Feb 2019, City of Los Angeles sued The Weather Channel for allegedly using its app to mine users’ private geolocation data and sending it to IBM affiliates and third parties for advertising and commercial purposes unrelated to weather.

– In June 2020, US Members of Congress opened an investigation into a data analytics company Venntel. The company aggregates location data from smartphone apps (games and weather forecast apps) and the investigation related to allegations that the company may have been selling people’s location data to government agencies such as the FBI and Department of Homeland Security.

What Does This Mean For Your Business?

The rapid growth of the Internet, smartphone ownership, the IoT, the growing app market, and the potential for profit have fuelled the development of a whole location intelligence industry and ecosystem. This in itself has created opportunities for many different kinds of businesses that buy, sell, aggregate, analyse, and use location data. Businesses across the world use data and information, which includes a contribution from location data, as the basis for strategies, tactics and campaigns that deliver profits and as such, it is clear to see how our location data helps to feed the business world in a positive way. The questions and uneasiness about location details being gathered, bought, and sold, however, relate more about matters of privacy and ethics. Low consent rates in apps asking for locations, the knowledge that seemingly anonymous data from one source could be combined and aggregated from other sources to potentially identify us/identify more about us, and the idea that privacy policies (that we don’t have time to read) can include things that we would question, all add up to a feeling of uneasiness and mistrust.  Just as tracking cookies are being rejected, questions are now rightly being asked about what apps are sharing, who they are sharing it with, and for what purpose. Location intelligence is an area that has such complex connections between players in the market, that transparency and further regulation is some way off.

News

Tech Tip – How To Check Your Google 2FA Settings

Two-factor authentication (2FA) adds an extra security dimension to accounts, and with Google now heading down the route of automatically enrolling millions of users into 2FA, here’s how to check if 2FA is turned on for your Google account:

– Go to your account settings through myaccount.google.com on your desktop (or phone).

– Click on the Security section (left-hand pane).

– Scroll down to the Signing in to Google section.

– Click on the ‘2-Step Verification’ option.

OR

– Go to Google’s Security Checkup page (https://myaccount.google.com/intro/security-checkup).

– Scroll down to the ‘2-Step Verification’ section and click on the settings to see your current 2FA status plus any recommendations.

News

Featured Article: Domain Security

After a recent report found that poor domain security has left most Global 2000 companies vulnerable to the threats of phishing and brand abuse, we take a closer look at domain security and how businesses can maximise their protection against popular threats.

CSC Research – Domains Dangerously Under-Protected

Recent research by US-based CSC, which describes itself as “a world leader in business, legal, tax, and domain security” has shown that web domains of the Global 2000 companies remain dangerously under protected. The research revealed some worrying statistics, including:

– 81 per cent of companies are not using registry locks. Not using a registry lock means that (for example) a registrar could move your domain to another registrar on its own and/or the domain could be hijacked.

– 70 per cent of homoglyph (i.e. fuzzy match) domains are owned by third parties . This is a tactic known to be commonly used in phishing and brand abuse (refer ‘typosquatting’) . A homoglyph (name spoofing) attack uses processes or domain names that are visually similar to legitimate and recognised names to fool unsuspecting users, who may not notice a minor difference (e.g. Unicode characters from non-Latin character sets) in the domain name, into clicking on a malicious link.

– Only 50 per cent are using Domain-based Message Authentication, Reporting, and Conformance (DMARC) records as an email authentication method.

– 43 per cent are configured with MX (email) records that can be used to send phishing emails or to intercept email.

– 57 per cent of the Global 2000 are relying on off-the-shelf consumer-grade registrars who offer limited domain security mechanisms to protect against domain and DNS hijacking.

Also, the research found that among the 70 per cent of the third-party domains deemed suspicious:

– 56 per cent were pointing to advertising, pay-per-click content, or being used for domain parking (registering a domain name but not linking it to any services e.g., e-mail or a website).

– 38 per cent had inactive web content (there are technical problems, problems with the account, or they don’t have nameservers associated with them).

What Are The Main Risks and Threats To Domain Security?

Some of the main risks and threats to your domain security include:

– Your registrar being compromised or hackers gaining access to your account with the company where you registered your domain name, or to the e-mail address that “reset password” forms on their websites send emails to. This can allow hackers to transfer the domain to another registrar, gaining complete ownership over it.

– Domain spoofing, used by phishers and malicious third parties to fool users into clicking onto domains that are visually similar to the legitimate domain e.g., Fuzzy matches/typo squatting, Homoglyphs – IDNs, Cousin domains, Keyword match, and Homophones (Soundex).

– Cybersquatting/brand jacking/name jacking i.e., the unauthorised registering and use of a domain name that is identical or similar to trademarks, service marks, company names, or personal names. In the US, this is a crime under the 1999 Anti-Cybersquatting Consumer Protection Act (ACPA).

– Sophisticated DNS attacks that can allow hackers to create confusion and redirect some of your website users to their servers.

– Reverse domain hijacking – i.e. whereby another entity deliberately registers something with the name of your domain/trademark and accusing you of stealing their domain.

– Not having DNS redundancy – i.e. a lack of a failsafe solution or a backup mechanism for DNS outages, such as having a having secondary DNS. A lack of DNS redundancy can leave the business open to threats like a reduced resiliency to DDoS attacks, and the associated problems of down-time, disruption to business continuity, revenue loss and diminished reputation.

– Not using certificate authority authorisation (CAA) records i.e., not designating a specific certificate authority (CA) to be the sole issuer of certificates for your company’s domains. Not using CAA could allow a cybercriminal to use the appointed certificate authority to get a new certificate and could represent a threat to compliance.

– Not authenticating the company’s email channel with DMARC, SPF, or DKIM. Sender Policy Framework /SPF, for example, enables a domain to state which servers can send emails on its behalf, and DMARC is an email validation system. Not authenticating the company’s email channel can leave the business open to threats like having the company’s email domain being used for email spoofing, phishing scams, and other cybercrimes.

– Not staying on top of matters relating domain renewals, thereby potentially allowing a company domain to be purchased and used by another party, perhaps for malicious purposes.

– Not having a security certificate (https). This protocol uses encryption to protects the integrity and confidentiality of data between the user’s computer and the site. The authentication aspect proves that users are communicating with the intended website, and can, therefore, protect against man-in-the-middle attacks and build/maintain user trust, not to mention improving the search engine profile and ranking.

What About GDPR Domain Masking?

The introduction of GDPR meant that the identity of a domain name registrant couldn’t be published in the public WHOIS database (without consent) and without the risk of penalties. This, however, is a two-edged sword, as it gives criminals more anonymity for registering domain names for malicious purposes, and can stop investigators and security professionals from uncovering dangerous/malicious/phishing website owners. There are, however, ways for cybercriminals and investigators to find out the identity of a domain owner.

How To Boost Your Domain Security

Despite significant potential domain security risks and threats, there are a number of measures that you can take to plug this potential gap in your business cyber security strategy. These measures include:

– Choosing a professional, reliable, and reputable business-focused registrar.

– Authenticating your email channel with DMARC, SPF, or DKIM to minimise the incidence of email spoofing and potential phishing.

– Using enterprise-grade DNS hosting. This could mean consolidating your domain, DNS, and digital certificate providers into one enterprise-class provider.

– Incorporating secure domain, DNS, and digital certificate practices into the overall cyber security posture.

– Using a registry lock for your domain to prevent the risks of administrative and technical hijacking.

– Using domain privacy services and ensuring that WHOIS details are redacted.

– Ensuring that there is DNS redundancy (a failsafe/backup for DNS outages e.g., a secondary DNS).

– Adding CAA records to allow for policy enforcement and to mitigate cyber threats such as HTTPS phishing of hijacked sub domains.

– Buying security certificates for domains (https).

– Continuous monitoring of the domain space and key digital channels e.g., marketplaces, apps, social media, and email for any evidence of brand abuse, infringements, phishing, and fraud.

– Minimising third-party risk by looking at/auditing the business practices of the domain registrar to make sure they are not contributing to fraud and brand abuse e.g., through operating domain marketplaces, domain name spinning, and more.

– Maintaining good basic cyber security practices that can prevent hacks or accounts being compromised that could lead to domains being hijacked and more.

What Does This Mean For Your Business?

The security of your company domain(s) is an often overlooked part in the cyber security strategy of a business and yet, a domain is direct, public part of your brand and reputation that (if successfully attacked and compromised) could lead to huge technical, legal, monetary, and reputational damage to your business. Research, such as that by CSC, confirms that businesses are still taking big risks by not addressing domain security, and cyber criminals use domains as a key part of popular attack methods such as phishing. There are, as outlined in the article, basic measures that businesses can take to make sure that their domains are protected, and that threats to domain security are addressed.

News

Tech Insight : QR Codes … A Security Risk?

In this tech-insight, we take a look at what QR codes are used for, review some well-known security risks, and outline what action you can take to protect yourself from malicious QR codes.

Quick Response (QR) Codes

A QR code is a machine-readable (e.g., by smartphones), matrix barcode invented in 1994 by the Japanese Toyota subsidiary automotive company Denso Wave as a way to track vehicles and parts during the manufacturing process. A QR code stores information as a series of pixels in a square grid that can be read in two directions, top to bottom and right to left.

How They Work

The three large squares outside the QR code show that everything contained inside the square is a QR code. Patterns in QR codes represent binary codes that can be interpreted to reveal the data. The codes can be read using built-in QR scanners or QR apps on smartphones (via the camera), iPads, tablets, and other devices.

Uses

QR codes can store website URLs, phone numbers, or up to 4,000 characters of text. These codes have multiple uses including sales and marketing (e.g. sending information about a business or product), or as a menu (for example) to be sent to a user’s phone. QR codes are also used for linking directly to download an app (Apple App Store or Google Play), postal services tracking, education, authenticating online accounts and verifying login details, accessing Wi-Fi (storing encryption details) sending and receiving payment information. QR codes have also recently been used in coronavirus tracing (apps).

Are They Safe?

QR codes themselves can’t be hacked and QR codes do not collect personally identifiable information, but they do collect other data such as location, the number of times a code has been scanned (at what time), and what operating system (iPhone or Android) is being used. Although this is generally a safe technology, consumer watchdog ‘Which?’ says of QR codes “not all of them are safe.”

Risks

Research (e.g. observations by the Unit 42 threat intelligence team at Palo Alto Networks) indicates that the proliferation of QR codes, particularly during the pandemic (good for ‘no-contact’) has meant that cyber criminals are discussing and exploring ways to exploit them.

Some of the risks associated with QR codes include :

– QR codes can’t be read by humans, so they are unable to see any potential risks just by looking at the code.

– Hackers can create malicious QR codes which direct users to fake websites / phishing websites that capture their personal data.

– Attackers can embed malicious URLs (containing custom malware) into a QR code, which could steal data from a mobile device when scanned.

– Malicious QR codes can be used to add contacts or compose emails on a user’s device, thereby posing security threats.

– Threat actors could present a malicious QR code with the promise of free internet-access, which could actually link to an unsafe Wi-Fi network where hackers could eavesdrop, intercept data, and steal personable identifiable information.

– Malicious QR codes can be used to cover up/replace legitimate QR codes.

Protection

Ways that you can protect yourself from threats posed by the use of malicious QR codes include:

– Only download QR scanning apps from trusted sources e.g., Apple’s App Store or the Google Play Store, and make sure that the app you download is backed by plenty of positive reviews.

– Use a QR scanner that checks that scanned links are safe before submitting any information to you.

– Check to make sure that the QR code you’re about to scan is being presented to you by a reputable source.

– Don’t scan a QR code if you’re not sure where it will lead and preview the website and domain to be sure.

What Does This Mean For Your Business?

QR codes are a convenient, fast, and flexible way to present data but, criminals/cybercriminals are always looking for new ways to operate scams such as phishing, and QR codes represent a possible new scamming opportunity.

Businesses can make sure that their own QR codes haven’t been tampered with or replaced with malicious versions by regularly carrying out integrity checks on their sites and apps (e.g. by scanning the code to check if the link within the QR code is correct). Businesses should also educate staff about how QR codes can be used by cyber criminals, while as individuals we should always use QR scanning apps from reputable sources and be cautious about scanning QR codes in unfamiliar locations and situations. It is also sensible to avoid using public Wi-Fi networks for business generally (without a VPN), and to avoid any ‘free Internet’ offers where there’s a QR code.

News

Tech News : Amazon To Start Selling Cyber Insurance

Amazon has entered the B2B insurance market through a partnership with Superscript and is offering cyber insurance to small and medium-sized businesses in the UK.

Cyber Insurance?

Cyber insurance protects businesses (and individuals providing services for businesses) by helping with the compensation costs that can arise from Internet-based risks and handling data. For example, businesses may face costs resulting from data/security breaches, media content liability (e.g. intellectual property infringement), GDPR defence costs or paying GDPR fines, credit/debit card breaches, or data breach response services.

Superscript?

Superscript (formally known as Insurtech Digital Risks until its rebranding last summer), was founded by Cameron Shearer and Ben Rose in 2015. Superscript is looking to be the global leader in flexible SME insurance, while previous partnerships have included Starling Bank, Revolut, Urban, and Appear Here (the online marketplace for retail space).

Superscript and Amazon

Superscript says that Amazon Business Prime users will be able access the insurance product by logging in to Superscript using their Amazon account. Superscript also says that there’ll be “no big commitments, only a monthly subscription, discounted specially for as long as they are Business Prime members.”

As well as cyber insurance, Amazon Prime members will be able to access a number of other Superscript insurance products via the same route, including public liability insurance, employers’ liability insurance, professional indemnity insurance, office contents and equipment insurance, and more. Superscript says that these will be underwritten by “major UK insurers” and will be discounted by 20 per cent in comparison to current rates.

Digital-First, Flexible and Monthly

Cameron Shearer, CEO of Superscript, said of the partnership: “This partnership is a huge step in the evolution of business insurance. The industry needs to bridge the divide between insurers and customers by providing a quick, smooth buying process that is customer-centric. This means digital-first, flexible and monthly.”

Amazon Says…

Molly Dobson, Country Manager for Amazon Business UK & Ireland, said: “As businesses come out of the pandemic and gradually resume normalcy, we want customers to have the best tools to run their business. We believe Superscript offering its SME insurance products to Business Prime is another example of how this programme provides value and benefits to members.”

Adding Value To Prime Membership

The move to offer insurance is part of Amazon Business’s announcement that is wants to enhance the value of the Business Prime membership for UK customers as SMEs emerge from lockdown.

Will Businesses Trust Amazon As Their Insurance Supplier?

If Deloitte survey figures are anything to go by, 60 per cent plus of SMEs prefer sourcing insurance from a trusted provider that is affiliated to their business community, which could mean that this brand extension could work for Amazon.

What Does This Mean For Your Business?

Amazon and Superscript believe that SMEs are looking for ease and flexibility in their insurance in the post pandemic environment, and that they will be tempted by a trusted brand name, and by the discounts. For Superscript, this will be a big boost for their mission to become the global leader in flexible SME insurance, and for Amazon it offers a way to add more value to their Business Prime membership offering in the UK. This partnership may, of course, represent a considerable threat to other UK business insurance providers.

News

Tech News : Networks Angered By Ofcom’s Openreach Decision

Independent broadband network providers (altnets) have been angered by Ofcom’s decision to take no action over anti-competition concerns about (BT) Openreach’s “Equinox” offer.

What Is Equinox?

The Equinox Offer from BT’s Openreach essentially proposes that big ISPs can buy discounted wholesale Fibre-to-the-Premises (FTTP) broadband products. Openreach’s Equinox Offer gives ISPs (e.g., TalkTalk or Sky) cheaper/discounted prices for Openreach FTTP products, so long as they largely stop making new sales of legacy broadband products where Openreach FTTP is available, and switch to selling mainly FTTP products instead. The offer also includes free bandwidth upgrades and discounts on GEA Cablelink (which ISPs require to offer Openreach FTTP). The Equinox Offer Scheme runs from 1 October 2021 to 30 September 2031, and Ofcom has said that it expects that the main ISPs will sign up.

What’s The Problem?

After a consultation with stakeholders by Ofcom, altnets raised concerns about the impact of the Equinox Offer on competition and disagreed with key aspects of Ofcom’s position in the Consultation.

For example, the Independent Networks Co-operatives Association (INCA), which represents the interests of alt-nets is concerned that Openreach may simply be using its market power to persuade ISPs to move to its fibre networks, thereby strengthening its already dominant market position. INCA is also concerned that Equinox could reduce wholesale competition, leading to higher prices and lower standards of service.

Could Harm Altnet Build Too

Ofcom’s report on the outcome of its consultation also highlights how The Joint Consultation Response submitted that the Equinox Offer could significantly reduce the benefits that Openreach claims the offer will deliver, and that altnets including CityFibre, the Common Wholesale Platform (‘CWP’), Dolomite Solutions, Fern Trading, Gigaclear, KCOM, VMO2 and others are concerned that the Equinox Offer will harm altnet build. Their argument is that the magnitude of the discounts available under the Equinox Offer will encourage take-up of Openreach FTTP and act as a barrier to entry for altnets.

Altnets have also said that Equinox could place downward pressure on wholesale and retail FTTP prices, thereby weakening the business case for altnet investment, especially in areas with higher deployment costs. This, in turn, could mean delays to fibre deployment in rural/hard to reach locations.

Beneficial, Says Openreach and ISPs

Openreach and the big ISPs who took part in the Ofcom consultation, however, say that Equinox will bring a number of benefits for homes and businesses across the UK including:

– ISPs getting long-term (price) certainty, thereby enabling them to compete in a highly competitive market.

– ISPs may also benefit from the simplicity of a single national rental price will for the entire Openreach FTTP footprint.

– Ultrafast full fibre technology can become the default choice wherever it’s available (GEA-FTTP becomes the preferred technology).

– CPs can create their own offers and can create a modest premium on GEA-FTTP.

– UK consumers will ultimately benefit from ISPs being incentivised to use FTTP, thereby supporting investment in FTTP networks.

– Sky, TalkTalk, and Vodafone have agreed that lower FTTP prices will benefit consumers and encourage take-up of FTTP, and Vodafone has said that the ten-year duration of the Equinox Offer will allow ISPs to provide price certainty to consumers.

Ofcom’s Decision

Despite the concerns of the altnets, Ofcom has concluded that, following its consultation about Openreach’s Equinox Offer, it does not raise competition concerns requiring ex ante intervention, and Ofcom will, therefore, not be taking any action at this time.

What Does This Mean For Your Business?

Ofcom’s decision not to take any action is a blow for UK altnets who clearly feel that the already dominant Openreach is being allowed to use its market power even more to use lower prices to squeeze altnets out, weaken the business case for altnet investment, increase the barrier to entry for altnets, all of which in a way that may not offer great benefits (such as choice) to the consumer. Openreach obviously appears happy with Ofcom’s decision, as do the big ISPs who can look forward to the discounts and price certainty that Equinox appears to offer. Although Ofcom is taking no action now, it is still early days, and it remains to be seen whether any intervention will be necessary a little further down the line, although this is of little comfort to altnets now. For consumers, home, and businesses, it’s also a case of waiting to see what benefits are passed-on to them with the scheme.

News

Tech Tip – Scheduling Emails in Outlook

If you’re working late/early/at weekends but you’d like your emails to be sent on the right day/time in the working week, or perhaps to catch the recipient just when you know they’re returning to the office, you can schedule your emails on Outlook.  Here’s how:

– After you’ve finished writing your email in Outlook, go to the ‘Send’ Button.

– Click on the downward arrow next to the send button and select “Send later”.

– Choose your day and time from the calendar and click on “Send”.

News

Tech News : Laser Broadband Success

Alphabet subsidiary X, the Moonshot Factory’s ‘Project Taara’ is claiming 99.9 per cent uptime within the first 20 days of a light beam/laser broadband project.

What Is It?

Laser-based broadband uses wireless optical communications (WOC), which has been described as “like fibre, but without the cables”.  In short, invisible beams of light, about the width of a chopstick, are used to transmit information at super high speeds through the air between two terminals. To make the connection, the terminals search for each other, detect the other’s beam of light, and lock in to create the high bandwidth connection.

Why?

This kind of laser broadband is needed because:

– The challenges of tough terrain can make it very difficult, very costly, and slow to take fibre networks to many areas.

– It offers a cost-effective and quickly deployable way to bring high-speed connectivity to remote areas.

– It can plug critical gaps to major access points, like mobile phone towers and Wi-Fi hotspots.

– It can help bring greater equality of opportunity to countries with more challenging terrain by giving people access to the educational, business, and communication benefits of the web.

– It can be used as a way to extend fibre networks.

What Happened?

Project Taara has set up a network, powered by wireless optical communications (WOC) that links Brazzaville in the Republic of Congo and Kinshasa in the Democratic Republic of Congo. Measurements have been taken of how the recently introduced laser-based broadband has performed between the sites, which are separated by 4.8km across the Congo River.

X, the Moonshot Factory, which describes itself as “a diverse group of inventors and entrepreneurs who build and launch technologies that aim to improve the lives of millions, even billions” has reported that the laser-based broadband service has been able to supply nearly 700TB of data within its first 20 days of operation, with 99.9 per cent uptime.

Flexible Technology

The X company website claims that with a clear line of sight, wireless optical communication technology can transmit data at high speeds of up to 20 Gbps, and a single link can cover distances up to 20 km.

Weather Conditions A Challenge

One challenge with this type of technology, however, is that bad weather (fog or haze) can interfere with the light beams, as can fauna such as bats and birds flying in front of the signal. For these reasons, laser-broadband may be more useful in countries with good weather conditions for most of the year.

What Does This Mean For Your Business?

Those individuals and businesses in areas around the world where it is too complex, expensive, and difficult to be reached with cables in the ground (due to terrain) are at a disadvantage from not being able to access the many benefits of reliable access to the Internet. The promising results from the deployment in the Congo shows that laser-broadband offers a practical, cost-effective, and quickly deployable way to bring high-speed connectivity to remote areas.  It also could prove very valuable in plugging other critical gaps in the world’s communications networks.  This could bring greater opportunities and greater equality to businesses, communities, and individuals around the world while being kinder to the environment at the same time. The challenges posed to the technology by adverse weather conditions could be offset by the fact that it is better to have areas connected for at least some of the time than not at all.