The GID Report #4 — Senate hearing, Capital One, Facebook settlement, and the Invention of Money
Welcome to The GID Report, a biweekly update that includes globaliD team news, market perspectives, and industry analysis.
Applications are now closed, and we have a great and talented pool of submissions for the inaugural Self Sovereign Identity Incubator.
Here’s Heather Dahl, Executive Director & CEO of Sovrin, on the Self Sovereign Identity Incubator.
And in case you missed it, globaliD co-founder and CEO Greg Kidd on why identity has never been more critical.
This week, we’ll be covering:
- The Senate banking hearing on crypto/blockchain
- The Capital One hack
- Facebook’s $5 billion settlement
- Antitrust for big tech
- This week in Libra
- This week in identity
- This week in blockchain
- The invention of money
1. The Senate banking hearing on crypto/blockchain
The big news last week was the Senate banking committee hearing — but in all, we didn’t learn too much we didn’t already know. Crypto and blockchain is here to stay. The US continues to lag as it stumbles toward a regulatory framework that conceivably both helps the industry mature while fostering innovation. And there are still plenty of skeptics out there who would love to nip the movement’s wings.
At the hearing, we got testimonies of 3 flavors:
The believer: Mr. Jeremy Allaire (testimony)
The regulator: Dr. Rebecca M. Nelson (testimony)
The skeptic: Professor Mehrsa Baradaran (testimony)
As Greg noted:
“I thought it was an interesting (and correct) observation that if you wanted to have universal financial inclusion, the post office could give everyone an account (through the government) and be a point of service. The point was that the ultimate challenges are one of policy rather than technical.”
Meanwhile, banks are also being forced to evolve. Whether that means dumbing down their business models or closing branches to pivot toward mobile, something’s gotta give.
And without the burden of legacy platforms and thinking, it’s not surprising much of it is coming from China.
In the US, fintech continues to march forward.
2. The Capital One hack
Speaking of banks, as you’ve probably heard, Capital One got hit with a massive hack putting 100 million customers at risk. Commentary from WSJ’s Robert McMillan:
Capital One’s data breach is causing a lot of companies that have moved to the cloud to ask two important questions: Could they be vulnerable to the same kind of hack, and could Amazon do more to protect its customers? The answer, it turns out, is yes on both counts. Our reporting found, for example, that at least 800 other Amazon users are vulnerable to the same type of attack.
Another intriguing part of the story is the accused hacker’s past. In her online chats, there are details that point to a deep understanding of cloud security. She claimed, for example, that some of Amazon’s data centers had higher levels of security than others (Amazon disputes this). And she knew what tricks to use to keep her digital footprints hidden from Amazon’s forensics team. “She clearly has good skills with scripts, good skills with coding and an intimate knowledge of the [Amazon Web Services] back-end,” said Rob Ragan, a security researcher with Bishop Fox, a security consulting firm.
3. Facebook’s $5 billion settlement
So Facebook’s $5B settlement became official Wednesday morning. Notably, they had to make a bunch of governance concessions — with privacy front and center. Primarily, Mark Zuckerberg will be legally liable now for such compliance as he has to sign off on quarterly reports. Here’s a quick overview of the terms:
- Appoint a “Chief Privacy Officer for Product” to oversee a newly required privacy protection program.
- Publicly disclose when the data of 500 or more users has been exposed in a way that violates its terms.
- Bar the use of phone numbers, when they are provided for security features like two-factor authentication, to target advertising or share them with third parties.
- Take steps to protect the security of user passwords.
- Notify and obtain consent from users when creating a template for facial recognition based on their faces.
- Have CEO Mark Zuckerberg sign off on quarterly compliance reports.
As always, not everyone’s satisfied. Here’s FTC commissioner Rebecca Kelly Slaughter’s dissenting statement. Her primary concerns:
(1) The negotiated civil penalty is insufficient under the applicable statutory factors we are charged with weighing for order violators: injury to the public, ability to pay, eliminating the benefits derived from the violation, and vindicating the authority of the FTC.
(2) While the order includes some encouraging injunctive relief, I am skeptical that its terms will have a meaningful disciplining effect on how Facebook treats data and privacy. Specifically, I cannot view the order as adequately deterrent without both meaningful limitations on how Facebook collects, uses, and shares data and public transparency regarding Facebook’s data use and order compliance.
(3) Finally, my deepest concern with this order is that its release of Facebook and its officers from legal liability is far too broad.
One thing is clear though — the prevailing political and societal headwinds march toward a direction very much aligned with the globaliD vision.
Here’s Facebook’s blog post on the matter — Mark Zuckerberg. Excerpt:
As part of this settlement, we’re bringing our privacy controls more in line with our financial controls under the Sarbanes-Oxley legislation. Our executives, including me, will have to certify that all of the work we oversee meets our privacy commitments. Just as we have an audit committee of our board to oversee our financial controls, we’ll set up a new privacy committee of our board that will oversee our privacy program. We’ve also asked one of our most experienced product leaders to take on the role of Chief Privacy Officer for Products.
To implement this, we’ll have to review our technical systems to document any privacy risks and how we’re handling them. Going forward, when we ship a new feature that uses data, or modify an existing feature to use data in new ways, we’ll have to document any risks and the steps we’re taking to mitigate them. We expect it will take hundreds of engineers and more than a thousand people across our company to do this important work. And we expect it will take longer to build new products following this process going forward.
The Great Hack | Netflix Official Site (new documentary on Cambridge Analytica scandal)
4. Antitrust for big tech
The FTC wasn’t done there though with their latest initiative being revealed later that day — antitrust for big tech. (The Justice Department is looking into the matter as well.) Here’s the NYT — Facebook Antitrust Inquiry Shows Big Tech’s Freewheeling Era Is Past:
Hours later, Facebook also disclosed that it was the target of an antitrust investigation by the F.T.C. While the agency was known to be looking into the company and whether it had used its reach and clout to reduce competition, a formal investigation starts a more intensive phase of examination. The company also confirmed that the Justice Department had contacted it this month as part of the agency’s sweeping antitrust review of the tech giants, which it made public on Tuesday.
The developments highlighted the new reality for big tech companies: Scrutiny from regulators and lawmakers has become a constant.
5. This week in Libra
David birch on Libra: KYC or KYZ?
6. This week in identity
7. This week in blockchain
8. The invention of money
And finally, here’s a super fun piece from the New Yorker:
Greg Kidd — Co-Founder and CEO, globaliD
Rebecca Schwartz — Product Manager, globaliD
Craig Dalton—Bike Index, Hard Yaka