Tag archive: UK

UK to toughen telecoms security controls to shrink 5G risks

Amid ongoing concerns about security risks posed by the involvement of Chinese tech giant Huawei in 5G supply, the U.K. government has published a review of the telecoms supply chain, which concludes that policy and regulation in enforcing network security need to be significantly strengthened to address concerns.
However, it continues to hold off on setting an official position on whether to allow or ban Huawei from supplying the country’s next-gen networks — as the U.S. has been pressurizing its allies to do.
Giving a statement in parliament this afternoon, the U.K.’s digital minister, Jeremy Wright, said the government is releasing the conclusions of the report ahead of a decision on Huawei so that domestic carriers can prepare for the tougher standards it plans to bring in to apply to all their vendors.
“The Review has concluded that the current level of protections put in place by industry are unlikely to be adequate to address the identified security risks and deliver the desired security outcomes,” he said. “So, to improve cyber security risk management, policy and enforcement, the Review recommends the establishment of a new security framework for the UK telecoms sector. This will be a much stronger, security based regime than at present.
“The foundation for the framework will be a new set of Telecoms Security Requirements for telecoms operators, overseen by Ofcom and government. These new requirements will be underpinned by a robust legislative framework.”
Wright said the government plans to legislate “at the earliest opportunity” — to provide the regulator with stronger powers to enforce the incoming Telecoms Security Requirements, and to establish “stronger national security backstop powers for government.”
The review suggests the government is considering introducing GDPR-level penalties for carriers that fail to meet the strict security standards it will also be bringing in.

First policy response will be ‘soft’, common cybersecurity standards. Then regulations, with strict standards and #GDPR like fines. New powers allowing to compel telecoms to do something. And work to increase diversity. pic.twitter.com/nBLWneFUDK
— Lukasz Olejnik (@lukOlejnik) July 22, 2019

“Until the new legislation is put in place, government and Ofcom will work with all telecoms operators to secure adherence to the new requirements on a voluntary basis,” Wright told parliament today. “Operators will be required to subject vendors to rigorous oversight through procurement and contract management. This will involve operators requiring all their vendors to adhere to the new Telecoms Security Requirements.
“They will also be required to work closely with vendors, supported by government, to ensure effective assurance testing for equipment, systems and software, and to support ongoing verification arrangements.”
The review also calls for competition and diversity within the supply chain — which Wright said will be needed “if we are to drive innovation and reduce the risk of dependency on individual suppliers.”
The government will therefore pursue “a targeted diversification strategy, supporting the growth of new players in the parts of the network that pose security and resilience risks,” he added.
“We will promote policies that support new entrants and the growth of smaller firms,” he also said, sounding a call for security startups to turn their attention to 5G.
Government would “seek to attract trusted and established firms to the UK market,” he added — dubbing a “vibrant and diverse telecoms market” as both good for consumers and for national security.
“The Review I commissioned was not designed to deal only with one specific company and its conclusions have much wider application. And the need for them is urgent. The first 5G consumer services are launching this year,” he said. “The equally vital diversification of the supply chain will take time. We should get on with it.”
Last week two U.K. parliamentary committees espoused a view that there’s no technical reason to ban Huawei from all 5G supply — while recognizing there may be other considerations, such as geopolitics and human rights, which impact the decision.
The Intelligence and Security Committee also warned that what it dubbed the “unnecessarily protracted” delay in the government taking a decision about 5G suppliers is damaging U.K. relations abroad.
Despite being urged to get a move on the specific issue of Huawei, it’s notable that the government continues to hold off. Albeit, a new prime minister will be appointed later this week, after votes of Conservative Party members are counted — which may be contributing to ongoing delay.
“Since the US government’s announcement [on May 16, adding Huawei and 68 affiliates to its Entity List on national security grounds] we have sought clarity on the extent and implications but the position is not yet entirely clear. Until it is, we have concluded it would be wrong to make specific decisions in relation to Huawei,” Wright said, adding: “We will do so as soon as possible.”
In a press release accompanying the telecoms supply chain review the government said decisions would be taken about high risk vendors “in due course.”
Earlier this year a leak from a meeting of the U.K.’s National Security Council suggested the government was preparing to give an amber light to Huawei to continue supplying 5G — though limiting its participation to non-core portions of networks.
The Science & Technology Committee also recommended the government mandate the exclusion of Huawei from the core of 5G networks.
Wright’s statement appears to hint that that position remains the preferred one — barring a radical change of policy under a new PM — with, in addition to talk of encouraging diversity in the supply chain, the minister also flagging the review’s conclusion that there should be “additional controls on the presence in the supply chain of certain types of vendor which pose significantly greater security and resilience risks to UK telecoms.”
“Additional controls” doesn’t sound like a euphemism for an out-and-out ban.
In a statement responding to the review, Huawei expressed confidence that its days of supplying U.K. 5G are not drawing to a close — writing:
“The UK Government’s Supply Chain Review gives us confidence that we can continue to work with network operators to roll out 5G across the UK. The findings are an important step forward for 5G and full fibre broadband networks in the UK and we welcome the Government’s commitment to “a diverse telecoms supply chain” and “new legislation to enforce stronger security requirements in the telecoms sector”. After 18 years of operating in the UK, we remain committed to supporting BT, EE, Vodafone and other partners build secure, reliable networks.”
The evidence shows excluding Huawei would cost the UK economy £7 billion and result in more expensive 5G networks, raising prices for anyone with a mobile device. On Friday, Parliament’s Intelligence & Security Committee said limiting the market to just two telecoms suppliers would reduce competition, resulting in less resilience and lower security standards. They also confirmed that Huawei’s inclusion in British networks would not affect the channels used for intelligence sharing.
A spokesman for the company told us it already supplies non-core elements of the networks of U.K. carriers EE and Vodafone, adding that it’s viewing Wright’s statement as an endorsement of that status quo.
While the official position remains to be confirmed, all the signals suggest the U.K.’s 5G security strategy will be tied to tightened regulation and oversight, rather than follow a U.S. path of seeking to shut out Chinese tech giants.
Commenting on the government’s telecoms supply chain review in a statement, Ciaran Martin, CEO of the U.K.’s National Cyber Security Centre, said: “As the UK’s lead technical authority, we have worked closely with DCMS [the Department for Digital, Culture, Media and Sport] on this review, providing comprehensive analysis and cyber security advice. These new measures represent a tougher security regime for our telecoms infrastructure, and will lead to higher standards, much greater resilience and incentives for the sector to take cyber security seriously.
“This is a significant overhaul of how we do telecoms security, helping to keep the UK the safest place to live and work online by ensuring that cyber security is embedded into future networks from inception.”
Although, tougher security standards for telecoms combined with updated regulations that bake in major fines for failure suggest Huawei will have its work cut out not to be excluded by the market, as carriers will be careful about vendors as they work to shrink their risk.
Earlier this year a report by an oversight body that evaluates Huawei’s approach to security was withering — finding “serious and systematic defects” in its software engineering and cybersecurity competence.


Facebook staff discussed selling API access to apps in 2012-2014

Following a flopped IPO in 2012, Facebook desperately brainstormed new ways to earn money. An employee of unknown rank sent an internal email suggesting Facebook charge developers $250,000 per year for access to its platform APIs for making apps that can ask users for access to their data. Employees also discussed offering Tinder extended access to users’ friends’ data that was being removed from the platform in exchange for Tinder’s trademark on “Moments”, which Facebook wanted to use for a photo sharing app it later launched. Facebook decided against selling access to the API, and did not strike a deal with Tinder or other companies including Amazon and Royal Bank Of Canada mentioned in employee emails.
The discussions were reported by the Wall Street Journal as being part of a sealed court document its reporters had reviewed from a lawsuit by bikini photo finding app developer Six4Three against Facebook alleging anti-competitive practices in how it changed the platform in 2014 to restrict access to friends’ data through the platform.
The biggest question remaining is how high in rank the employees who discussed these ideas were. If the ideas were seriously considered by high-ranking executives, especially CEO Mark Zuckerberg, the revelation could contradict the company’s long-running philosophy on not selling data access. Zuckerberg told Congress in April that “I can’t be clearer on this topic: We don’t sell data.” If the discussion was between low-level employees, it may have been little more than an off-hand suggestion as Facebook was throwing ideas against the wall, and may have been rejected or ignored by higher-ups. But either way, now that the discussion has leaked, it could validate the public’s biggest fears about Facebook and whether it’s a worthy steward of our personal data.
An employee emailed others about the possibility of removing platform API access “in one-go to all apps that don’t spend… at least $250k a year to maintain access to the data”, the document shows. Facebook clarified to TechCrunch that these discussions were regarding API access, and not selling data directly to businesses. The fact that the discussions were specifically about API access, which Facebook continues to give away for free to developers, had not been previously reported.

Facebook provided this full statement to TechCrunch:
“As we’ve said many times, the documents Six4Three gathered for this baseless case are only part of the story and are presented in a way that is very misleading without additional context. Evidence has been sealed by a California court so we are not able to disprove every false accusation. That said, we stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers. Any short-term extensions granted during this platform transition were to prevent the changes from breaking user experience. To be clear, Facebook has never sold anyone’s data. Our APIs have always been free of charge and we have never required developers to pay for using them, either directly or by buying advertising.”
A half-decade later, with the world’s will turned against Facebook, the discussions of selling data access couldn’t come at a worse time for the company. Even if quickly aborted, the idea could now stoke concerns that Facebook has too much power and too much of our personal information. While the company eventually found other money-makers and became highly profitable, the discussions illuminate how Facebook could potentially exploit people’s data more aggressively if it deemed it necessary.


Xiaomi gobbles up selfie phone brand Meitu as revenue jumps 49%

Xiaomi is diversifying into a new range of phones as the Chinese smartphone maker announced impressive growth with its latest financials.
The company announced it will take over selfie app maker Meitu’s smartphone business to go after new demographics, particularly women, while it lodged impressive 49 percent revenue growth in Q3.
Xiaomi posted a net profit of 2.481 billion RMB ($357 million) for the quarter on total sales of 50.846 billion RMB ($7.3 billion). The bulk of that income came from smartphone sales — 35 billion RMB, $5 billion — as Xiaomi surpassed its annual target of 100 million shipments with two months of the year still to go. The majority of those phones are sold in China, but the company said that international revenue overall was up by 113 percent year-on-year.
The company has ventured into Europe this year, with its most recent launch in the UK this month, but now it is taking aim at a more diverse set of customers in the Chinese market through this tie-in with Meitu. Best known for its ‘beautification’ selfie apps, Meitu also sells smartphones that tap its selfie brand with optimized cameras and advanced editing features.
Now Xiaomi is taking over that business through a partnership that will see Meitu paid 10 percent of the profits for all devices sold, with a minimum guaranteed fee of $10 million per year. For other smart products, its cut increases to 15 percent.
Meitu is hardly a mainstream phone brand. Its first device launched in 2013 and it has sold 3.5 million units to date. Recently, the company cut back on its hardware — it has launched just one device this year compared to five last year — while the average selling price of its devices has fallen, causing it to forecast a net loss of up to 1.2 billion RMB (or $173 million) up from just 197 million RMB last year. Shifting the heavy-lifting to Xiaomi makes a lot of sense — despite its total cut of sales dropping to just 10 percent, Xiaomi has impressive reach and a sales platform that already features third-party hardware.
Back to Xiaomi, these results are its first ‘true’ financials since the company went public through a Hong Kong IPO back in July. It posted a $2.1 billion profit in the previous quarter but a large chunk of spending and revenue was down to the listing.


Crunch Report | Comcast Launches Xfinity XFi

Today’s Stories: Comcast invests in mesh router maker Plume, launches Xfinity xFi for managing your home’s wireless network; John Oliver reminds us that Net Neutrality is still under siege; Facebook culls ‘tens of thousands’ of fake accounts ahead of UK election; Amazon to control 70 percent of the voice-controlled speaker market this year; Food startup Maple shuts…


Make Way For Another European Square: SumUp Launches With $20M+ In Backing


Add one more to the list of companies going head-to-head in the area of card payments by way of smartphone attachments: today, Berlin-based SumUp is opening up for business in the UK, Germany, Ireland and Austria, backed by an eight-figure Series A round, understood by TechCrunch to be over $20 million.

SumUp’s $20 million Series A investment comes from b-to-v Partners, Shortcut Ventures, Tengelmann Ventures and Klaus Hommels, the early Skype, Facebook and Xing investor. Before the $20 million round, SumUp had been bootstrapped by its founders, which include Daniel Klein, SumUp’s CEO, who was also one of the founders of PayPal competitor MoneyBookers (later rebranded as Skrill).

Similar to services like Square, PayPal’s Here, iZettle, mPowa, Payleven and Intuit’s GoPayment, SumUp works by way of a free dongle that attaches to a smartphone or tablet — in its case an Android or iOS device — which can then be used with an app to read cards and take payments. And like the others, SumUp is targeting the large swathe of merchants and small businesses who currently do not have the facilities to take card payments. But if this sounds a little me-too and crowded, it’s clearly a space where investors still see a lot of opportunity for a startup to make a killing.

SumUp estimates that there are some 20 million small businesses in Europe today, but a large part of them are still only able to take payments by cash and checks because of the costs and infrastructure associated with traditional card payment services. Like others in the mobile payment space SumUp is banking on the growing uptake of smartphones — currently 32% penetration in Europe overall — and the increasing reliance on card transactions — they’re growing by 18% annually — to change that.

What is perhaps noteworthy about SumUp is that it is kicking off with a full launch — not a limited beta — in these four countries, with two of them, Germany and the UK, being some of the largest retail markets in Europe. The biggest competitor in Europe, iZettle, has up to now carved out some market share in the Nordics but is still only in beta in the UK; and of course Square and PayPal, the two biggest players in the U.S., have yet to enter the market here — although that seems to be something coming very soon.

[The launch today comes after a four-month closed beta in Germany, the UK, Ireland and Austria, which had been spotted early on by the German blog Deutsche Startups. The company has some 100 employees working in Berlin, Dublin and London.]

SumUp takes a 2.75% cut of every transaction made using its reader. It currently works with MasterCard, Visa and Europay and Stefan Jeschonnek, the MD and another co-founder, says that it’s currently in discussions with other card companies to extend that list.

You may recall that iZettle has been in a pickle in Europe over Visa cutting off its service because of the method iZettle uses to authenticate card users — iZettle requires a signature, which Visa says doesn’t meet its requirements. SumUp also takes signatures for authentication, but only on MasterCard transactions. For Visa, customers get sent an SMS with a secure link, which they have to access on their devices to manually enter their full card numbers.

That sounds cumbersome, but Jeschonnek says SumUp is working on another method to speed up that process in future. “We are looking at different technology that we can use, and we are considering the chip-and-PIN solution [used by merchants who have payment terminals],” he says.

Another notable aspect of SumUp’s service is that the company is already developing the idea as more than just a point-of-sale card payment provision. Merchants have the option of using the app to preload several items that they sell, and that effectively turns SumUp into a kind of cash register.

This is, for now, limited to being used within SumUp’s own service, although Jeschonnek says it is also looking at how it might leverage APIs to offer this kind of functionality within merchants’ own apps.

“But right now we’re mainly focused on the problem of getting merchants to take cards,” he says. “We’re trying to solve a problem that still hasn’t been solved.”

