Facebook has challenged the FTC’s antitrust case against it using a standard playbook that questions the agency’s arguably expansive approach to defining monopolies. But the old arguments of “we’re not a monopoly because we never raised prices” and “how can it be anticompetitive if we never allowed competition” may soon be challenged by new doctrine and the new administration.
In a document filed today which you can read at the bottom of this post, Facebook lays out its case with a tone of aggrieved pathos:
By a one-vote margin, in the fraught environment of relentless criticism of Facebook for matters entirely unrelated to antitrust concerns, the agency decided to bring a case against Facebook that ignores its own prior decisions, controlling precedent, and the limits of its statutory authority.
Yes, Facebook is the victim here, and don’t you forget it. (Incidentally, the FTC, like the FCC, is designed to split 3:2 along party lines, so the “one vote margin” is what one sees for many important measures.)
But after the requisite crying comes the reluctant explanation that the FTC doesn’t know its own business. The suit against Facebook, the company argues, should be spiked by the judge because it fails along three lines.
First, the FTC does not “allege a plausible relevant market.” After all, to have a monopoly, one must have a market over which to exert that monopoly. And the FTC, Facebook argues, has not done so, alleging only a nebulous “personal social networking” market, and “no court has ever held that such a free goods market exists for antitrust purposes,” and the FTC ignores the “relentlessly competitive” advertising market that actually makes the company money.
Ultimately, the FTC’s efforts to structure a crabbed ‘use’ market for a free service in which it can claim a large Facebook ‘share’ are artificial and incoherent.
The implication here is not just that the FTC has failed to define the social media market (and Facebook won’t do so itself), but that such a market may not even exist because social media is free and the money is made by a different market. This is a variation on a standard big tech argument that amounts to “because we do not fall under any of the existing categories, we are effectively unregulated.” After all you cannot regulate a social media company by its advertising practices or vice versa (though they may be intertwined in some ways, they are distinct businesses in others).
Thusly Facebook attempts, like many before it, to squeeze between the cracks in the regulatory framework.
This continues with the second argument, which says that the FTC “cannot establish that Facebook has increased prices or restricted output because the agency acknowledges that Facebook’s products are offered for free and in unlimited quantities.”
The argument is literally that if the product is free to the consumer, it is by definition not possible for the provider to have a monopoly. When the FTC argues that Facebook controls 60 percent of the social media market (which of course doesn’t exist anyway), what does that even mean? 60 percent of zero dollars, or 100 percent, or 20 percent, is still zero.
The third argument is that the behaviors the FTC singles out — purchasing up-and-coming competitors for enormous sums and nipping others in the bud by restricting its own platform and data — are not only perfectly legal but that the agency has no standing to challenge them, having given its blessing before and having no specific illegal activity to point to at present.
Of course the FTC revisits mergers and acquisitions all the time, and there’s precedent for unraveling them long afterwards if, for instance, new information comes to light that was not available during the review process.
“Facebook acquired a small photo-sharing service in 2012, Instagram… after that acquisition was reviewed and cleared by the FTC in a unanimous 5-0 vote,” the company argues. Leaving aside the absurd characterization of the billion-dollar purchase as “small,” leaks and disclosures of internal conversations contemporary with the acquisition have cast it in a completely new light. Facebook, then far less secure than it is today, was spooked and worried that Instagram may eat its lunch, and it was better to buy than compete.
The FTC addresses this and indeed many of the other points Facebook raises in a FAQ it posted around the time of the original filing.
Now, some of these arguments may have seemed a little strange to you. Why should it matter if a market has money from consumers being exchanged if there is value exchanged elsewhere contingent on those users’ engagement with the service, for instance? And how can the depredations of a company in the context of a free product that invades privacy (and has faced enormous fines for doing so) be judged by its actions in an adjacent market, like advertising?
The simple truth is that antitrust law has been stuck in a rut for decades, weighed down by doctrine that states that markets are defined by the price of a product and whether a company can increase it arbitrarily. A steel manufacturer that absorbs its competitors by undercutting them and then later raises prices when it is the only option is a simple example and the type that antitrust laws were created to combat.
If that seems needlessly simplistic, well, it’s more complicated in practice and has been effective in many circumstances — but the last 30 years have shown it to be inadequate to address the more complex multi-business domains of the likes of Microsoft, Google, and Facebook (to say nothing of TechCrunch parent company Verizon, which is a whole other matter).
The ascendance of Amazon is one of the best examples of the failure of antitrust doctrine, and resulted in a breakthrough paper called “Amazon’s Antitrust Paradox” which pilloried these outdated ideas and showed how network effects led to subtler but no less effective anticompetitive practices. Establishment voices decried it as naive and overreaching, and progressive voices lauded it as the next wave of antitrust philosophy.
It seems that the latter camp may win out, as the author of this controversial paper, Lina Khan, has just been nominated for the vacant 5th Commissioner position at the FTC.
Whether or not she is confirmed (she will face fierce opposition, no doubt, as an outsider plainly opposed to the status quo), her nomination validates her view as an important one. With Khan and her allies in charge at the FTC and elsewhere, the decades-old assumptions that Facebook relies on for its pro forma rejection of the FTC lawsuit may be challenged.
That may not matter for the present lawsuit, which is unlikely to be subject to said rules given its rather retrospective character, but the gloves will be off for the next round — and make no mistake, there will be a next round.
Federal Trade Commission v Facebook Inc Dcdce-20-03590 0056.1 by TechCrunch on Scribd
Twitter says it’s running a test with a small subset of iOS and Android users to “give people an accurate preview” of what an image will look like without the trial and error that process involves now. As it stands now, the platform automatically crops images to make them display in a more condensed way in the timeline, where users often scroll through without clicking on an image preview. But that approach has created some problems.
Today we’re launching a test to a small group on iOS and Android to give people an accurate preview of how their images will appear when they Tweet a photo. pic.twitter.com/cxu7wv3Khs
— Dantley Davis (@dantley) March 10, 2021
The biggest one, historically, is that Twitter’s algorithm that decides which part of an image gets the focus was demonstrated to have baked-in racial bias. The algorithm prioritized white faces over Black ones in its image preview, even cropping out the former president of the United States in one person’s tests.
Twitter’s automatic image handling is also hassle for photographers and artists, who generally prefer to have total control over how an image is presented. If the crop is off, that small misfire can be the difference between a photo attracting a ton of attention or getting ignored outright. It also ruins narrative tweets, as Twitter notes in its example of the tweet about a dog who is conspicuously absent from one of its crops.
It sounds like Twitter is also trying out showing more full images in the timeline. In tweets, Twitter’s Chief Design Officer Dantley Davis said that anyone testing the new image cropping system will find that most single image tweets in normal aspect ratios won’t get a crop at all, though super wide or super tall images will get a crop weighted around the center.
For photographers (present company included) tired of toggling between Instagram’s preference for portrait-oriented images and Twitter’s insistence on landscape crops, that’s good news too. As you can see in the sample image, the change could actually make Twitter a richer visual platform. That would likely mean more scrolling past images that take up multiple tweets worth of vertical space, but we’d be happy to trade the time spent clicking through images for a prettier Twitter timeline.
This morning Arist, a startup that sells software allowing other organizations to offer SMS-based training to staff, announced that it has extended its seed round to $3.9 million after adding $2 million to its prior raise.
TechCrunch has covered the company modestly before this seed-extension, noting that it was part of the CRV-backed Liftoff List, and reporting on some of its business details when it took part in a recent Y Combinator demo day.
Something that stood out in our notes on the company when it presented at the accelerator’s graduation event was its economics, with our piece noting that the startup “already [has] several big ticket clients and [says it] will soon be profitable.” Profitable is just not a word TechCrunch hears often when it comes to early-stage, high-growth companies.
So, when the company picked up more capital, we picked up the phone. TechCrunch spoke with the company’s founding team, including Maxine Anderson, the company’s current COO; Ryan Laverty, its president; and Michael Ioffe, its CEO, about its latest round.
According to the trio, Arist raised its initial $1.9 million around the time it left Y Combinator, a round that was led by Craft Ventures at a $15 million valuation. Following that early investment, the company’s business with large clients performed well, leading to it closing $2 million more last December. The founders said that the new funds were raised at a higher price-point than its previous seed tranche.
The second deal was led by Global Founders Capital.
The company’s enterprise adoption makes sense, as all large companies have regular training requirements for their workers; and as anyone who has worked for a megacorp knows, current training, while improved in recent years, is far from perfect. Arist is a bet that lots of corporate training — and the training that emanates from governments, nonprofits and the like — can be sliced into small pieces and ingested via text-message.
For that the company charges around $1,000 per month, minimum.
Arist did catch something of a COVID wave, with its founding team telling TechCrunch that pitching its service to large companies got easier after the pandemic hit. Many concerns better realized how busy their staff was when they moved to working from home, the trio explained, and with some folks suffering from limited internet connectivity, text-based training helped pick up slack.
We were also curious about how the startup onboards customers to the somewhat new text-based learning world; is there a steep learning curve to be managed? As it turns out, the startup helps new customers build their first course. And, in response to our question about the expense of that effort, the Arist crew said that they use freelancers for the task, keeping costs low.
Recently Arist has expanded its engineering staff, and plans to scale from around 11 people today to around 30 by the end of the year. And while Anderson, Laverty and Ioffe are based in Boston, they are hiring remotely. The startup serves global customers via a WhatsApp integration. So Arist should be able to scale its staff and customer base around the world effectively from birth. (This is the new normal, we reckon.)
What’s ahead? Arist wants to grow its revenues by 5x to 10x by the end of the year, hire, and might share if it wants to raise more capital around the end of the year.
Oh, and it partners with Twilio to some degree, though the group was coy on just what sort of discounts it may receive; the founding team merely noted that they liked the SMS giant and deferred further commentary.
All told, Arist is what we look for in an early-stage startup in terms of growth, vision and potential market scale — the startup thinks that 80% of training should be via SMS or Slack and Teams, the latter two of which are a hint about its product direction. But Arist feels a bit more mature financially than some of its peers, perhaps due to its price point. Regardless, we’ll check back in at the mid-point of the year and see how growth is ticking along at the company.
As the U.S. reportedly readies for retaliation against Russia for hacking into some of the government’s most sensitive federal networks, the U.S. is facing another old adversary in cyberspace: China.
Microsoft last week revealed a new hacking group it calls Hafnium, which operates in, and is backed by, China. Hafnium used four previously unreported vulnerabilities — or zero-days — to break into at least tens of thousands of organizations running vulnerable Microsoft Exchange email servers and steal email mailboxes and address books.
It’s not clear what Hafnium’s motives are. Some liken the activity to espionage — a nation-state gathering intelligence or industrial secrets from larger corporations and governments.
But what makes this particular hacking campaign so damaging is not only the ease with which the flaws can be exploited, but also how many — and how widespread — the victims are.
Security experts say the hackers automated their attacks by scanning the internet for vulnerable servers, hitting a broad range of targets and industries — law firms and policy think tanks, but also defense contractors and infectious disease researchers. Schools, religious institutions, and local governments are among the victims running vulnerable Exchange email servers and caught up by the Hafnium attacks.
While Microsoft has published patches, the U.S. federal cybersecurity advisory agency CISA said the patches only fix the vulnerabilities — and won’t close any backdoors left behind by the hackers.
CISA is aware of widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities and urges scanning Exchange Server logs with Microsoft's IOC detection tool to help determine compromise. https://t.co/khgCR2LAs0. #Cyber #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) March 6, 2021
There is little doubt that larger, well-resourced organizations have a better shot at investigating if their systems were compromised, allowing those victims to prevent further infections, like destructive malware or ransomware.
But that leaves the smaller, rural victims largely on their own to investigate if their networks were breached.
“The types of victims we have seen are quite diverse, many of whom outsource technical support to local IT providers whose expertise is in deploying and managing IT systems, not responding to cyber threats,” said Matthew Meltzer, a security analyst at Volexity, a cybersecurity firm that helped to identify Hafnium.
Without the budget for cybersecurity, victims can always assume they are compromised – but that doesn’t equate to knowing what to do next. Patching the flaws is just one part of the recovery effort. Cleaning up after the hackers will be the most challenging part for smaller businesses that may lack the cybersecurity expertise.
It’s also a race against the clock to prevent other malicious hackers from discovering or using the same vulnerabilities to spread ransomware or launch destructive attacks. Both Red Canary and Huntress said they believe hacking groups beyond Hafnium are exploiting the same vulnerabilities. ESET said at least ten groups were also exploiting the same server flaws.
Katie Nickels, director of intelligence at threat detection firm Red Canary, said there is “clearly widespread activity” exploiting these Exchange server vulnerabilities, but that the number of servers exploited further has been fewer.
“Cleaning up the initial web shells will be much easier for the average IT administrator than it would be to investigate follow-on activity,” said Nickels.
Microsoft has published guidance on what administrators can do, and CISA has both advice and a tool that helps to search server logs for evidence of a compromise. And in a rare statement, the White House’s National Security Council warned that patching alone “is not remediation,” and urged businesses to “take immediate measures.”
Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn
— National Security Council (@WHNSC) March 6, 2021
How that advice trickles down to smaller businesses will be watched carefully.
Cybersecurity expert Runa Sandvik said many victims, including the mom-and-pop shops, may not even know they are affected, and even if they realize they are, they’ll need step-by-step guidance on what to do next.
“Defending against a threat like this is one thing, but investigating a potential breach and evicting the actor is a larger challenge,” said Sandvik. “Companies have people who can install patches — that’s the first step — but figuring out if you’ve been breached requires time, tools, and logs.”
Security experts say Hafnium primarily targets U.S. businesses, but that the attacks are global. Europe’s banking authority is one of the largest organizations to confirm its Exchange email servers were compromised by the attack.
Norway’s national security authority said that it has “already seen exploitation of these vulnerabilities” in the country and that it would scan for vulnerable servers across Norway’s internet space to notify their owners. Slovenia’s cybersecurity response unit, known as SI-CERT, said in a tweet that it too had notified potential victims in its internet space.
Sandvik said the U.S. government and private sector could do more to better coordinate the response, given the broad reach into U.S. businesses. CISA proposed new powers in 2019 to allow the agency to subpoena internet providers to identify the owners of vulnerable and unpatched systems. The agency just received those new powers in the government’s annual defense bill in December.
“Someone needs to own it,” said Sandvik.
Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using SecureDrop.